No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Abstract
For over half a century researchers have scientifically studied persuasion and influence. The corpus of this research resulted in established theories and practices that are effectively used in a myriad of contexts where human relationships and factors are paramount. This chapter first explores traditional psychological influence concepts and techniques that are implemented across a broad spectrum of contexts, such as business, advertising, and political and military campaigns. The chapter then examines these principles through the lens of cyber attacks,where these precepts can be maliciously leveraged by cyber attackers to manipulate victims through elaborate deception narratives based upon exploiting heuristic cues to persuade and gain compliance. Finally the chapter looks at hoax viruses, scareware, “tech support scams,” and ransomware campaigns and the manner in which psychological influence strategies are weaponized in these attacks.
... The attack uses human emotions to manipulate the user into installing malicious software. The steps involved in a scareware attack can be seen in Figure 4 [29]. It can be seen (in Figure 4) that hackers use pop-up-based alerts on different sites to engage the target. ...
... The visual representation of the scareware (e.g., a pop-up or a scan report) meritoriously presents a credible and trustworthy application. Most forms of scareware malware adopt color schemes, font styles, and logos that are similar to known brands of antivirus or software products, e.g., Microsoft, Norton antivirus, etc. [29]. ...
As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.
... Parrot Security OS [18] is an additional Linux distribution crafted by the Parrot project, aimed at delivering a robust and privacy-centric platform for individuals interested in security, development, and research. It shares a comparable focus with Kali Linux, as it strives to offer an effective and potent environment for various hacking endeavors. ...
This in-depth review article examines social engineering attacks and their implementation through the Kali Linux operating system, delving into the background and significance of social engineering in cybersecurity, the predominant tools and techniques employed in these attacks, and real-world case studies demonstrating their effectiveness. In addition, ethical considerations that should be taken into account when using social engineering attacks are covered, along with potential countermeasures that can be implemented to minimize the chance of successful attacks. By highlighting these risks and methods for mitigating them, this article offers invaluable guidance to individuals and organizations wanting to enhance their cybersecurity measures.
A persistent question in the deception literature has been the extent to which nonverbal behaviors can reliably distinguish between truth and deception. It has been argued that deception instigates cognitive load and arousal that are betrayed through visible nonverbal indicators. Yet, empirical evidence has often failed to find statistically significant or strong relationships. Given that interpersonal message production is characterized by a high degree of simultaneous and serial patterning among multiple behaviors, it may be that patterns of behaviors are more diagnostic of veracity. Or it may be that the theorized linkage between internal states of arousal, cognitive taxation, and efforts to control behavior and nonverbal behaviors are wrong. The current investigation addressed these possibilities by applying a software program called THEME to analyze the patterns of kinesic movements (adaptor gestures, illustrator gestures, and speaker and listener head movements) rated by trained coders for participants in a mock crime experiment. Our multifaceted analysis revealed that the quantity and quality of patterns distinguish truths from untruths. Quantitative and qualitative analyses conducted by case and condition revealed high variability in the types and complexities of patterns that were produced and differences between truthful and deceptive respondents questioned about a theft. Patterns incorporating adaptors and illustrator gestures were correlated in counterintuitive ways with arousal, cognitive load, and behavioral control, and qualitative analyses produced unique insights into truthful and untruthful communication.
In these two studies, we examined whether the inferences people make about likable and dislikable targets align with the predictions of balance theory. We hypothesized that people exhibit a liking-similarity effect by perceiving greater similarity with a likable person than a dislikable person. To test this hypothesis, we manipulated the likability of a target person and then assessed participants' perceptions of similarity to that target person. In both studies, people rated likable others as more similar to themselves than dislikable others across a variety of domains (e.g., attitudes, personality characteristics, behaviors). In Study 2, individual differences in self-concept clarity, self-esteem, and preference for consistency moderated the liking-similarity effect.
This investigation examined how computer-mediated communication (CMC) partners exchange personal information in initial interactions, focusing on the effects of communication channels on self-disclosure, question-asking, and uncertainty reduction. 158 unacquainted individuals (79 males and 79 females, aged 17-24 yrs) met either face-to-face or via CMC. Computer-mediated interactants exhibited a greater proportion of more direct and intimate uncertainty reduction behaviors than unmediated participants did, and demonstrated significantly greater gains in attributional confidence over the course of the conversations. The use of direct strategies by mediated interactants resulted in judgments of greater conversational effectiveness by partners. Results illuminate some microstructures previously asserted but unverified within social information processing theory (J. B. Walther, 1992), and extend uncertainty reduction theory (C. R. Berger and R. J. Calabrese, 1975) to CMC interaction. (PsycINFO Database Record (c) 2012 APA, all rights reserved)
This study involved an experiment of the effects of time and communication channel—asynchronous computer conferencing versus face-to-face meetings—on relational communication in groups. Prior research on the relational aspects of computer-mediated communication has suggested strong depersonalizing effects of the medium due to the absence of nonverbal cues. Past research is criticized for failing to incorporate temporal and developmental perspectives on information processing and relational development. In this study, data were collected from 96 subjects assigned to computer conferencing or face-to-face zero-history groups of 3, who completed three tasks over several weeks’time. Results showed that computer-mediated groups increased in several relational dimensions to more positive levels and that these subsequent levels approximated those of face-to-face groups. Boundaries on the predominant theories of computer-mediated communication are recommended, and principles from uncertainty reduction and social penetration are discussed.
Internet crime, including fraud and spread of malicious software, is a pervasive and costly global issue. Many of these crimes occur not because of technology failure but because of the human element. People can easily be manipulated through social engineering – the use of psychological tactics to influence individuals to assist in their own victimization. We employ a social influence framework, drawing upon ideas from Robert Cialdini, to understand the nature of social engineering techniques and why they are successful in exploiting unsuspecting individuals. Specifically, we discuss how social engineers misuse six pervasive weapons of influence – Liking, Authority, Scarcity, Social Proof, Reciprocity, and Commitment and Consistency – in order to effectively influence individuals to take the initial steps toward their exploitation. We conclude with a discussion of the precautions individuals can take to resist malicious influence attempts online.
This study examined the effects of synchrony and the number of cues on the person perception process in computer-mediated communication. One hundred and forty-two participants in groups of three or four engaged in collaboration over five weeks to develop oral reports, using alternate versions of communication systems or meeting face-to-face. Consistent with the hyperpersonal model, those using low cue media felt their partners were more credible, and reported more social attraction, less uncertainty, and more involvement in the interaction than those using high cue media. People interacting with synchronous media felt increased social attraction, self-reported involvement, and certainty. They also felt that their conversations were more effective, although this effect appeared mainly in low cue groups. Results of an exploratory path analysis suggest that future research should focus on causal chains rather than direct effects, and that intervening variables (such as involvement) may be central to our understanding of the effects of communication technology systems.