Understanding Susceptibility to Social Engineering Attacks Through Online Privacy Behaviors

Glaris Lancia Raja Arul (11794286)

19 December 2021

<p>Human-based social engineering attacks continue to grow in popularity, with increasing numbers of cases reported yearly. This can be accredited to the ease with which common social engineering attacks can be launched, and the abundance of information available online that attackers can use against their targets. Current mitigative strategies and awareness trainings against social engineering attacks incorporate an understanding of the major factors that influence individual susceptibility to social engineering attacks. These strategies emphasize an engagement in secure behaviors and practices, especially with respect to identifying the key indicators in any form of communication or situation that can classify it as a social engineering attack. There is also an emphasis on restricting the amount of information that individuals should share about themselves in workplace settings. However, these approaches do not comprehensively consider the different intrinsic motivations that individuals develop to engage in the protective behaviors necessary to assure their safety against social engineering attacks, regardless of environment. Individual attitudes and behaviors about online privacy could hold the key to defending oneself by way of restricting unwarranted access to associated information online. Psychological traits and attitudes developed in response to the perception of social engineering as a threat could act as motivators for engaging in privacy protective behaviors, which in turn could affect the extent to which an individual can protect themselves from social engineering attacks. This thesis investigates the role of privacy protective behaviors in impacting an individual’s susceptibility to social engineering attacks and the impacts of specific privacy factors as motivating antecedents to engagement in privacy protective behaviors.</p>

Online Privacy

Social Engineering

Privacy Behaviors

Affect and Online Privacy Concerns

Castano, David Charles

01 April 2015

The purpose of this study was to investigate the influence of affect on privacy concerns and privacy behaviors. A considerable amount of research in the information systems field argues that privacy concerns, usually conceptualized as an evaluation of privacy risks, influence privacy behaviors. However, recent theoretical work shows that affect, a pre-cognitive evaluation, has a significant effect on preferences and choices in risky situations. Affect is contrasted with cognitive issues in privacy decision making and the role of affective versus cognitive-consequentialist factors is reviewed in privacy context. A causal model was developed to address how affect influences privacy concerns and privacy behaviors. The model of privacy risk proposed in this model argues that affect (or “feelings”) influences privacy behaviors directly as well as thru privacy concerns. To test the model, subjects were recruited using Mechanical Turk and paid for their participation. Affect, the key construct in this research, was measured using a word association technique as well as methods developed in the implicit attitudes research. Well-known scales were used to measure privacy concerns and behavioral intentions. Data was collected from subjects using a pretested privacy scenario. Data analysis suggests that, in line with published IS research, privacy concerns affect privacy behaviors. Affect has no impact on privacy concerns nor on privacy behaviors at the traditional 5% level of significance, though it is significant at the 10% level of significance. Improving the instruments used to measure affect, use of a large sample size to detect small effect sizes and more control over the instrument administration instead of an online survey are suggested for future research.

Information technology

Affect

Behavioral Intentions

Feeling

Implicit Attitudes

Privacy Behaviors

Privacy Concerns

Computer Sciences

Databases and Information Systems

Psychology