A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing
Kalam Khadka, Abu Barkat Ullah, Wanli Ma, Elisa Martinez Marroquin

TL;DR
This survey reviews how persuasion principles are employed in phishing attacks, especially spear phishing, emphasizing the need for further research to understand and counteract these social engineering strategies.
Contribution
It systematically summarizes current knowledge on persuasion in phishing and identifies gaps, highlighting the importance of understanding these tactics for better defense.
Findings
Spear phishing is highly effective due to targeted message customization.
Persuasion principles like social proof and authority are commonly exploited.
There is a significant research gap in understanding persuasion's impact in phishing.
Abstract
Research shows that phishing emails often utilize persuasion techniques, such as social proof, liking, consistency, authority, scarcity, and reciprocity, to gain trust to obtain sensitive information or maliciously infect devices. The link between principles of persuasion and social engineering attacks, particularly in phishing email attacks, is an important topic in cyber security as they are a common and effective method used by cybercriminals to obtain sensitive information or access computer systems. This survey paper concluded that spear phishing, a targeted form of phishing, has been found to be specifically effective as attackers can tailor their messages to the specific characteristics, interests, and vulnerabilities of their targets. Understanding the uses of the principles of persuasion in spear phishing is key to the effective defence against it and eventually its…
