A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing

Kalam Khadka, Abu Barkat Ullah, Wanli Ma, Elisa Martinez Marroquin, Yibeltal Alem

Research output: A Conference proceeding or a Chapter in BookConference contributionpeer-review

Abstract

Research shows that phishing emails often utilize persuasion techniques, such as social proof, liking, consistency, authority, scarcity, and reciprocity to gain trust to obtain sensitive information or maliciously infect devices. The link between principles of persuasion and social engineering attacks, particularly in phishing email attacks, is an important topic in cyber security as they are the common and effective method used by cybercriminals to obtain sensitive information or access computer systems. This survey paper concluded that spear phishing, a targeted form of phishing, has been found to be specifically effective as attackers can tailor their messages to the specific characteristics, interests, and vulnerabilities of their targets. Understanding the uses of the principles of persuasion in spear phishing is key to the effective defence against it and eventually its elimination. This survey paper systematically summarizes and presents the current state of the art in understanding the use of principles of persuasion in phishing. Through a systematic review of the existing literature, this survey paper identifies a significant gap in the understanding of the impact of principles of persuasion as a social engineering strategy in phishing attacks and highlights the need for further research in this area.

Original languageEnglish
Title of host publicationProceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023
EditorsWilly Susilo, Geyong Min, Jia Hu, Md Zakirul Alam Bhuiyan, Xing Chen, Guojun Wang
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages1631-1638
Number of pages8
ISBN (Electronic)9798350381993
DOIs
Publication statusPublished - 2023
Event22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023 - Exeter, United Kingdom
Duration: 1 Nov 20233 Nov 2023

Publication series

NameProceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023

Conference

Conference22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2023
Country/TerritoryUnited Kingdom
CityExeter
Period1/11/233/11/23

Cite this