Social engineering and the use of persuasion to commit cyber fraud
Abstract
The use of social engineering in cyberattacks is increasingly recognised. What remains poorly understood is how the various aspects of psychology influence the outcome of social engineering attacks. In this paper Cialdini’s principles of persuasion are discussed in conjunction with neuroscience. Additional insights are introduced, including how biases function within the structure of a business e-mail compromise (BEC) e-mail and what part the persuasion principles play in the structure of the e-mail and the requests. Examples are provided to clarify the concepts discussed. Previous research has focused on isolated disciplines of psychology and their use in phishing attacks. This singular focus has failed to address the various nuances of a social engineering attack. Drawing on Cialdini’s extensive work in persuasion, as well as on social hierarchies and the role of physiology in decision making, allows additional insights to be explored. This unique perspective will offer a more holistic understanding of the aspects that influence the decisions a person makes when targeted by a social engineering attack.
The full article is available to subscribers to the journal.
Author's Biography
Lance Wantenaar is a cyber security analyst focusing on financial crimes and fraud. Twenty years working in IT and cyber security has allowed him to develop a deep understanding of technology with experience in incident response and fraud investigations. He has earned a number of industry qualifications, including CISSP and SANS GCIH and GCFE (expired). He has an intense interest in psychology, neuroscience, cognitive psychology and physiology to understand how people make decisions. He specialises in social engineering to understand how psychology is used in cyberattacks and fraud. Lance’s podcast allows him to interview a range of psychologists, neuroscientists, business coaches and diverse thinkers to understand the dynamics of decision making. His guests cover a wide variety of topics from emotional intelligence, flow states, scientific research and artificial intelligence (AI) to storytelling, autism and dyslexia. The diverse views and insights allow for deeper understanding into how people think and what influences their decisions. Lance has spoken at cyber security conferences on social engineering and psychology and business e-mail compromise (BEC) fraud and what makes them successful.