Priming and warnings are not effective to prevent social engineering attacks

Research output: Contribution to journalArticleAcademicpeer-review

42 Citations (Scopus)
1 Downloads (Pure)

Abstract

Humans tend to trust each other and to easily disclose personal information. This makes them vulnerable to social engineering attacks. The present study investigated the effectiveness of two interventions that aim to protect users against social engineering attacks, namely priming through cues to raise awareness about the dangers of social engineering cyber-attacks and warnings against the disclosure of personal information. A sample of visitors of the shopping district of a medium-sized town in the Netherlands was studied. Disclosure was measured by asking subjects for their email address, 9 digits from their 18 digit bank account number, and for those who previously shopped online, what they had purchased and in which web shop. Relatively high disclosure rates were found: 79.1% of the subjects filled in their email address, and 43.5% provided bank account information. Among the online shoppers, 89.8% of the subjects filled in the type of product(s) they purchased and 91.4% filled in the name of the online shop where they did these purchases. Multivariate analysis showed that neither priming questions, nor a warning influenced the degree of disclosure. Indications of an adverse effect of the warning were found. The implications of these findings are discussed.
Original languageEnglish
Pages (from-to)75-87
Number of pages13
JournalComputers in human behavior
Volume66
DOIs
Publication statusPublished - 2017

Keywords

  • Disclosure of personal information
  • Prevention
  • Priming
  • IR-101311
  • Social Engineering
  • EC Grant Agreement nr.: FP7/318003
  • METIS-317975
  • Phishing
  • Warning
  • EWI-27214
  • EC Grant Agreement nr.: FP7/2007-2013

Fingerprint Dive into the research topics of 'Priming and warnings are not effective to prevent social engineering attacks'. Together they form a unique fingerprint.

Cite this