Print Email Facebook Twitter On the anatomy of social engineering attacks Title On the anatomy of social engineering attacks: A literature-based dissection of successful attacks Author Bullée, Jan Willem Hendrik (University of Twente) Montoya, Lorena (University of Twente) Pieters, W. (TU Delft Safety and Security Science) Junger, M. (University of Twente) Hartel, P.H. (TU Delft Cyber Security) Date 2018 Abstract The aim of this study was to explore the extent to which persuasion principles are used in successful social engineering attacks. Seventy-four scenarios were extracted from 4 books on social engineering (written by social engineers) and analysed. Each scenario was split into attack steps, containing single interactions between offender and target. For each attack step, persuasion principles were identified. The main findings are that (a) persuasion principles are often used in social engineering attacks, (b) authority (1 of the 6 persuasion principles) is used considerably more often than others, and (c) single-principle attack steps occur more often than multiple-principle ones. The social engineers identified in the scenarios more often used persuasion principles compared to other social influences. The scenario analysis illustrates how to exploit the human element in security. The findings support the view that security mechanisms should include not only technical but also social countermeasures. Subject DeceptionInformation securityLiterature studyPersuasionSocial engineering To reference this document use: http://resolver.tudelft.nl/uuid:6c4dd1d7-2bc1-4770-b8cb-d52360532b72 DOI https://doi.org/10.1002/jip.1482 ISSN 1544-4759 Source Journal of Investigative Psychology and Offender Profiling, 20-45 Part of collection Institutional Repository Document type journal article Rights © 2018 Jan Willem Hendrik Bullée, Lorena Montoya, W. Pieters, M. Junger, P.H. Hartel Files PDF Bull_e_et_al_2017_Journal ... filing.pdf 2.1 MB Close viewer /islandora/object/uuid:6c4dd1d7-2bc1-4770-b8cb-d52360532b72/datastream/OBJ/view