TY - GEN
T1 - A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing
AU - Khadka, Kalam
AU - Ullah, Abu Barkat
AU - Ma, Wanli
AU - Marroquin, Elisa Martinez
AU - Alem, Yibeltal
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Research shows that phishing emails often utilize persuasion techniques, such as social proof, liking, consistency, authority, scarcity, and reciprocity to gain trust to obtain sensitive information or maliciously infect devices. The link between principles of persuasion and social engineering attacks, particularly in phishing email attacks, is an important topic in cyber security as such attacks are a common and effective method used by cybercriminals to obtain sensitive information or access computer systems. This survey paper concluded that spear phishing, a targeted form of phishing, has been found to be specifically effective as attackers can tailor their messages to the specific characteristics, interests, and vulnerabilities of their targets. Understanding the uses of the principles of persuasion in spear phishing is key to the effective defence against it and eventually its elimination. This survey paper systematically summarizes and presents the current state of the art in understanding the use of principles of persuasion in phishing. Through a systematic review of the existing literature, this survey paper identifies a significant gap in the understanding of the impact of principles of persuasion as a social engineering strategy in phishing attacks and highlights the need for further research in this area.
KW - Cyber Security
KW - Persuasion Principles
KW - Phishing Email
KW - Social Engineering
UR - http://www.scopus.com/inward/record.url?scp=85195447622&partnerID=8YFLogxK
UR - https://ieeexplore.ieee.org/xpl/conhome/10538469/proceeding
UR - https://hpcn.exeter.ac.uk/trustcom2023/
U2 - 10.1109/TrustCom60117.2023.00222
DO - 10.1109/TrustCom60117.2023.00222
M3 - Conference contribution
AN - SCOPUS:85195447622
T3 - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
SP - 1631
EP - 1638
BT - Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
A2 - Susilo, Willy
A2 - Min, Geyong
A2 - Hu, Jia
A2 - Alam Bhuiyan, Md Zakirul
A2 - Chen, Xing
A2 - Wang, Guojun
PB - IEEE, Institute of Electrical and Electronics Engineers
T2 - 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023
Y2 - 1 November 2023 through 3 November 2023
ER -