Principles of persuasion in social engineering and their use in phishing

Ana Ferreira; Lynne Coventry; Gabriele Lenzini

doi:10.1007/978-3-319-20376-8_4

Principles of persuasion in social engineering and their use in phishing

Ana Ferreira^*
, Lynne Coventry
, Gabriele Lenzini

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

96 Citations (Scopus)

Abstract

Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred in the literature: Cialdini’s principles of influence, Gragg’s psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

Original language	English
Title of host publication	Human Aspects of Information Security, Privacy and Trust
Subtitle of host publication	Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings
Editors	Theo Tryfonas, Ioannis Askoxylakis
Place of Publication	Cham
Publisher	Springer
Pages	36-47
Number of pages	12
ISBN (Electronic)	9783319203768
ISBN (Print)	9783319203751
DOIs	https://doi.org/10.1007/978-3-319-20376-8_4
Publication status	Published - 21 Jul 2015
Externally published	Yes
Event	3rd International Conference on Human Aspects of Information Security, Privacy and Trust, Held as Part of 17th International Conference on Human-Computer Interaction, HCI International 2015 - Los Angeles, United States Duration: 2 Aug 2015 → 7 Aug 2015 Conference number: 3rd

Publication series

Name	Lecture Notes in Computer Science (LNISA)
Publisher	Springer
Volume	9190
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Conference on Human Aspects of Information Security, Privacy and Trust, Held as Part of 17th International Conference on Human-Computer Interaction, HCI International 2015
Abbreviated title	HAS 2015
Country/Territory	United States
City	Los Angeles
Period	2/08/15 → 7/08/15

Keywords

Social engineering
Principles of persuasion
Phishing emails

Access to Document

10.1007/978-3-319-20376-8_4

Cite this

Ferreira, A., Coventry, L., & Lenzini, G. (2015). Principles of persuasion in social engineering and their use in phishing. In T. Tryfonas, & I. Askoxylakis (Eds.), Human Aspects of Information Security, Privacy and Trust: Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings (pp. 36-47). (Lecture Notes in Computer Science (LNISA); Vol. 9190). Springer. https://doi.org/10.1007/978-3-319-20376-8_4

Ferreira, Ana ; Coventry, Lynne ; Lenzini, Gabriele. / Principles of persuasion in social engineering and their use in phishing. Human Aspects of Information Security, Privacy and Trust: Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings. editor / Theo Tryfonas ; Ioannis Askoxylakis. Cham : Springer, 2015. pp. 36-47 (Lecture Notes in Computer Science (LNISA)).

@inproceedings{840c64a256d14575b7d41f6d3540f357,

title = "Principles of persuasion in social engineering and their use in phishing",

abstract = "Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred in the literature: Cialdini{\textquoteright}s principles of influence, Gragg{\textquoteright}s psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.",

author = "Ana Ferreira and Lynne Coventry and Gabriele Lenzini",

note = "Funding Information: G. Lenzini—This research is supported by FNR Luxembourg, project I2R-APS-PFN-11STAS. Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 3rd International Conference on Human Aspects of Information Security, Privacy and Trust, Held as Part of 17th International Conference on Human-Computer Interaction, HCI International 2015, HAS 2015 ; Conference date: 02-08-2015 Through 07-08-2015",

year = "2015",

month = jul,

day = "21",

doi = "10.1007/978-3-319-20376-8\_4",

language = "English",

isbn = "9783319203751",

series = "Lecture Notes in Computer Science (LNISA)",

publisher = "Springer",

pages = "36--47",

editor = "Theo Tryfonas and Ioannis Askoxylakis",

booktitle = "Human Aspects of Information Security, Privacy and Trust",

}

Ferreira, A, Coventry, L & Lenzini, G 2015, Principles of persuasion in social engineering and their use in phishing. in T Tryfonas & I Askoxylakis (eds), Human Aspects of Information Security, Privacy and Trust: Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings. Lecture Notes in Computer Science (LNISA), vol. 9190, Springer, Cham, pp. 36-47, 3rd International Conference on Human Aspects of Information Security, Privacy and Trust, Held as Part of 17th International Conference on Human-Computer Interaction, HCI International 2015, Los Angeles, California, United States, 2/08/15. https://doi.org/10.1007/978-3-319-20376-8_4

Principles of persuasion in social engineering and their use in phishing. / Ferreira, Ana; Coventry, Lynne; Lenzini, Gabriele.
Human Aspects of Information Security, Privacy and Trust: Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings. ed. / Theo Tryfonas; Ioannis Askoxylakis. Cham: Springer, 2015. p. 36-47 (Lecture Notes in Computer Science (LNISA); Vol. 9190).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Principles of persuasion in social engineering and their use in phishing

AU - Ferreira, Ana

AU - Coventry, Lynne

AU - Lenzini, Gabriele

N1 - Conference code: 3rd

PY - 2015/7/21

Y1 - 2015/7/21

N2 - Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred in the literature: Cialdini’s principles of influence, Gragg’s psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

AB - Research on marketing and deception has identified principles of persuasion that influence human decisions. However, this research is scattered: it focuses on specific contexts and produces different taxonomies. In regard to frauds and scams, three taxonomies are often referred in the literature: Cialdini’s principles of influence, Gragg’s psychological triggers, and Stajano et al. principles of scams. It is unclear whether these relate but clearly some of their principles seem overlapping whereas others look complementary. We propose a way to connect those principles and present a merged and reviewed list for them. Then, we analyse various phishing emails and show that our principles are used therein in specific combinations. Our analysis of phishing is based on peer review and further research is needed to make it automatic, but the approach we follow, together with principles we propose, can be applied more consistently and more comprehensively than the original taxonomies.

U2 - 10.1007/978-3-319-20376-8_4

DO - 10.1007/978-3-319-20376-8_4

M3 - Conference contribution

AN - SCOPUS:84944031269

SN - 9783319203751

T3 - Lecture Notes in Computer Science (LNISA)

SP - 36

EP - 47

BT - Human Aspects of Information Security, Privacy and Trust

A2 - Tryfonas, Theo

A2 - Askoxylakis, Ioannis

PB - Springer

CY - Cham

T2 - 3rd International Conference on Human Aspects of Information Security, Privacy and Trust, Held as Part of 17th International Conference on Human-Computer Interaction, HCI International 2015

Y2 - 2 August 2015 through 7 August 2015

ER -

Ferreira A, Coventry L, Lenzini G. Principles of persuasion in social engineering and their use in phishing. In Tryfonas T, Askoxylakis I, editors, Human Aspects of Information Security, Privacy and Trust: Third International Conference, HAS 2015 Held as Part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings. Cham: Springer. 2015. p. 36-47. (Lecture Notes in Computer Science (LNISA)). Epub 2015 Jan 1. doi: 10.1007/978-3-319-20376-8_4

Principles of persuasion in social engineering and their use in phishing

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this