On the anatomy of social engineering attacks: A literature-based dissection of successful attacks

Jan-Willem Bullée (Corresponding Author), Lorena Montoya, Wolter Pieters, Marianne Junger, Pieter Hartel

Research output: Contribution to journal › Article › Academic › peer-review

41 Citations (Scopus)
308 Downloads (Pure)

Abstract

The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones. The social engineers identified in the scenarios more often used persuasion principles compared to other social influences. The scenario analysis illustrates how to exploit the human element in security. The findings support the view that security mechanisms should include not only technical but also social countermeasures.
Original language: English
Pages (from-to): 20-45
Number of pages: 26
Journal: Journal of Investigative Psychology and Offender Profiling
Volume: 15
Issue number: 1
Early online date: 14 Jul 2017
Publication status: Published - Jan 2018

Keywords

  • UT-Hybrid-D
  • Information Security
  • Literature study
  • Persuasion
  • Social Engineering
  • Deception
