Summary: This paper aims to explore the psychological principles of influence that underlie Social Engineering (SE) techniques in cybersecurity scams and frauds. SE techniques, namely phishing, baiting, tailgating, shoulder surfing, dumpster diving, waterholing, and Reverse Social Engineering (RSE), as well as social psychology influence principles, namely reciprocity, scarcity, authority, liking, commitment and consistency, and social proof, are described. When influence principles were analysed and mapped against SE techniques, results showed that the use of authority was most frequently adopted. This could be because different types of use of authority mechanisms provide avenues for harnessing authority and influence principles. Moreover, several obedience factors were found to be associated with influence principles, which may lay the foundation for authority. Commitment and consistency was the next most frequently employed influence principle, and this may be because it draws on the theory of cognitive dissonance, which is the central mechanism of decision-making and persuasion. Internal and external sources of pressure, as well as the potential costs incurred by individuals and the institutional or organisational bodies they may represent, enhance the effectiveness of commitment and consistency. On the other hand, the prospect of long-term investment of time and effort may temper its adoption relative to authority. Of all the SE techniques reviewed, shoulder surfing was not found to be associated with any influence principle. In essence, the use of influence tactics in SE is akin to old wine in a new bottle: deploying age-old influence principles to manipulate people under the guise of new mediums.