Priming and warnings are not effective to prevent social engineering attacks

Humans tend to trust each other and to easily disclose personal information. This makes them vulnerable to social engineering attacks. The present study investigated the effectiveness of two interventions that aim to protect users against social engineering attacks, namely priming through cues to ra...

Bibliographic details
Published in: Computers in human behavior 2017-01, Vol.66, p.75-87
Main authors: Junger, M., Montoya, L., Overink, F.-J.
Format: Article
Language: eng
Online access: Full text
container_end_page 87
container_issue
container_start_page 75
container_title Computers in human behavior
container_volume 66
creator Junger, M.
Montoya, L.
Overink, F.-J.
description Humans tend to trust each other and to easily disclose personal information. This makes them vulnerable to social engineering attacks. The present study investigated the effectiveness of two interventions that aim to protect users against social engineering attacks, namely priming through cues to raise awareness about the dangers of social engineering cyber-attacks and warnings against the disclosure of personal information. A sample of visitors of the shopping district of a medium-sized town in the Netherlands was studied. Disclosure was measured by asking subjects for their email address, 9 digits from their 18 digit bank account number, and for those who previously shopped online, what they had purchased and in which web shop. Relatively high disclosure rates were found: 79.1% of the subjects filled in their email address, and 43.5% provided bank account information. Among the online shoppers, 89.8% of the subjects filled in the type of product(s) they purchased and 91.4% filled in the name of the online shop where they did these purchases. Multivariate analysis showed that neither priming questions, nor a warning influenced the degree of disclosure. Indications of an adverse effect of the warning were found. The implications of these findings are discussed.
• Shoppers easily provide personal identifiable information (PII).
• Priming or a warning do not influence the degree of disclosure.
• A warning, paradoxically, may even increase disclosure.
• Users need to be educated about what constitutes sensitive PII.
• Testing interventions is important to avoid possible adverse effects.
doi_str_mv 10.1016/j.chb.2016.09.012
format Article
publisher Elmsford: Elsevier Ltd
rights 2016
Copyright Elsevier Science Ltd. Jan 2017
orcid https://orcid.org/0000-0002-9515-9860
toplevel peer_reviewed
oa free_for_read
tpages 13
fulltext fulltext
identifier ISSN: 0747-5632
ispartof Computers in human behavior, 2017-01, Vol.66, p.75-87
issn 0747-5632
1873-7692
language eng
recordid cdi_proquest_journals_1932190976
source Access via ScienceDirect (Elsevier)
subjects Cues
Cybersecurity
Digits
Disclosure
Disclosure of personal information
Multivariate analysis
Network security
Personal information
Phishing
prevention
Priming
Social engineering
Social networks
Studies
Warning
title Priming and warnings are not effective to prevent social engineering attacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-12T12%3A45%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Priming%20and%20warnings%20are%20not%20effective%20to%20prevent%20social%20engineering%20attacks&rft.jtitle=Computers%20in%20human%20behavior&rft.au=Junger,%20M.&rft.date=2017-01&rft.volume=66&rft.spage=75&rft.epage=87&rft.pages=75-87&rft.issn=0747-5632&rft.eissn=1873-7692&rft_id=info:doi/10.1016/j.chb.2016.09.012&rft_dat=%3Cproquest_cross%3E1932190976%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1932190976&rft_id=info:pmid/&rft_els_id=S0747563216306392&rfr_iscdi=true