TY - CHAP
T1 - Principles of persuasion in social engineering and their use in phishing
AU - Ferreira, Ana
AU - Coventry, Lynne
AU - Lenzini, Gabriele
PY - 2015/7/21
Y1 - 2015/7/21
N2 - Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred to in the literature: Cialdini’s principles of influence, Gragg’s psychological triggers, and Stajano et al.’s principles of scams. It is unclear whether these relate, but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with the principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.
KW - social engineering
UR - https://www.scopus.com/pages/publications/84944031269
U2 - 10.1007/978-3-319-20376-8_4
DO - 10.1007/978-3-319-20376-8_4
M3 - Chapter
SN - 9783319203751
VL - 9190
T3 - Lecture Notes in Computer Science
SP - 36
EP - 47
BT - Human Aspects of Information Security, Privacy, and Trust
A2 - Tryfonas, Theo
A2 - Askoxylakis, Ioannis
PB - Springer
CY - London
ER -