{"title":"Suspicious minds: Psychological techniques correlated with online phishing attacks","authors":"Ioannis Stylianou, Panagiotis Bountakas, Apostolis Zarras, Christos Xenakis","doi":"10.1016/j.chbr.2025.100694","DOIUrl":null,"url":null,"abstract":"Phishing remains a pervasive threat to information security, leveraging human psychology to manipulate individuals into disclosing sensitive information or performing actions against their best interests. This study presents a comprehensive taxonomy and analysis of psychological techniques utilized in social engineering, introducing novel metrics such as Absolute Compliance Increase Rate (ACR), Relative Compliance Increase Rate (RCR), and Comprehensive Compliance Increase Rate (CCR) to quantify their effectiveness. Our methodology involved a systematic review of existing literature and empirical data from psychological experiments to evaluate and compare the effectiveness of various techniques, including Authority, Commitment & Consistency, Reciprocity, and Group Pressure. The findings indicate that the Majority Size technique, measured by CCR, is particularly potent in scenarios with low initial compliance rates, while Authority, Commitment & Consistency, and Reciprocity also demonstrate high effectiveness. These insights enhance the understanding of the mechanics of social engineering techniques, enabling the development of more effective countermeasures against social engineering attacks.","PeriodicalId":72681,"journal":{"name":"Computers in human behavior reports","volume":"19 ","pages":"Article 100694"},"PeriodicalIF":4.9000,"publicationDate":"2025-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers in human behavior reports","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2451958825001095","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"PSYCHOLOGY, EXPERIMENTAL","Score":null,"Total":0}
Citation count: 0