Contents lists available at ScienceDirect
Computers in Human Behavior Reports
journal homepage: www.sciencedirect.com/journal/computers-in-human-behavior-reports
Full length article
Suspicious minds: Psychological techniques correlated with online phishing attacks
Ioannis Stylianou a,b,∗, Panagiotis Bountakas a, Apostolis Zarras a, Christos Xenakis a,b
a University of Piraeus, Greece
b InQbit Innovations SRL, Romania
ARTICLE INFO
Keywords:
Cybersecurity
Social engineering
Psychological techniques
Behavioral psychology
Persuasion
Compliance
ABSTRACT
Phishing remains a pervasive threat to information security, leveraging human psychology to manipulate individuals into disclosing sensitive information or performing actions against their best interests. This study presents a comprehensive taxonomy and analysis of psychological techniques utilized in social engineering, introducing novel metrics such as Absolute Compliance Increase Rate (ACR), Relative Compliance Increase Rate (RCR), and Comprehensive Compliance Increase Rate (CCR) to quantify their effectiveness. Our methodology involved a systematic review of existing literature and empirical data from psychological experiments to evaluate and compare the effectiveness of various techniques, including Authority, Commitment & Consistency, Reciprocity, and Group Pressure. The findings indicate that the Majority Size technique, measured by CCR, is particularly potent in scenarios with low initial compliance rates, while Authority, Commitment & Consistency, and Reciprocity also demonstrate high effectiveness. These insights enhance the understanding of the mechanics of social engineering techniques, enabling the development of more effective countermeasures against social engineering attacks.
1. Introduction
The digital age has made it increasingly easy for perpetrators to access vast amounts of information at their fingertips. Nevertheless, it is not the sheer volume of information and, frequently, neither the difficulty of implementing security countermeasures that pose the greatest threat; instead, it is the capacity to manipulate human perception which stands as a formidable challenge. The most notable social engineering attacks rely heavily on human psychology. As such, understanding the subtleties of human cognition becomes as essential as mastering the intricacies of the digital realm. It is one thing to crack a code or bypass a firewall, but convincing a human mind to willingly give up information is a testament to the potency of psychology in the hands of a skilled manipulator. However, while the threat remains considerable, the response is fragmented and often misdirected. The focus of most cybersecurity measures remains heavily skewed towards technology, often at the expense of understanding the human element. Thus, there is an urgent need to recalibrate this focus, blending technological fortifications with a deep dive into human psychology to better protect against emerging vulnerabilities.
This study marks a step towards that goal. Specifically, its primary objectives are to (i) develop a comprehensive taxonomy of techniques employed in phishing attacks, (ii) apply the newly proposed metrics introduced herein to quantify and compare the effectiveness of these techniques, and (iii) analyze their implementation in high-profile, real-world attacks.
∗ Correspondence to: Karaoli & Dimitriou 80, Piraeus 185 34, Greece.
E-mail addresses: [email protected] (I. Stylianou), [email protected] (C. Xenakis).
Most decisions people make are handled by their unconscious, even more so in online contexts (Muscanell, Guadagno, & Murphy, 2014; Newell & Shanks, 2014). In this manuscript, we use the noun unconscious (and its adjectival counterpart nonconscious) to denote the automatic, System 1 mental processes that occur without deliberate awareness or intent (Kahneman, 2011); processes whose triggering stimuli are consciously perceived but whose influence on thought and behavior remains outside the individual’s awareness (Bargh & Morsella, 2008). The nonconscious processes, being unable to be perceived and analyzed by definition, are susceptible to creating a false perception, therefore affecting the subject’s decisions (Steele & Morawski, 2002). By feeding nonconscious processes proper stimuli, one can manipulate an individual’s perception and ultimately their decisions (Dijksterhuis, Smith, van Baaren, & Wigboldus, 2005; Kiesel et al., 2006).
According to the world-renowned hacker and social engineer Kevin Mitnick, social engineering revolves around the adept use of influence and persuasion to deceive individuals, convincing them that the social engineer is someone else (Mitnick & Simon, 2003). Social engineering heavily targets the nonconscious mind, aiming to alter the victims’ perception and ultimately manipulate their decisions without their awareness. As more attack vectors of social engineering are discovered, particularly in online environments (Krombholz, Hobel, Huber, & Weippl, 2015), there is a growing recognition of the need to delve deeper into the psychological dimensions of security (Enrici, Ancilli, & Lioy, 2010; Schneier, 2015). This recognition underscores the necessity for further research in this domain, as current understanding remains superficial and fragmented across existing literature (Montañez, Golob, & Xu, 2020).
https://doi.org/10.1016/j.chbr.2025.100694
Received 30 July 2024; Received in revised form 11 May 2025; Accepted 11 May 2025
Computers in Human Behavior Reports 19 (2025) 100694
Available online 27 May 2025
2451-9588/© 2025 Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
I. Stylianou et al.
Fig. 1. Flowchart of the iterative research methodology.
Examining history’s most significant social engineering attacks is crucial to comprehending their constituent elements. Upon scrutinizing these prominent examples, it becomes evident that they all heavily leverage psychological tactics to achieve their objectives (Enrici et al., 2010; Schneier, 2015). To tackle this issue, this article offers a fresh perspective on online social engineering attacks by employing insights from psychology. The chosen approach involves a threefold methodology designed to address the research objectives comprehensively: (i) a thorough taxonomy of psychological techniques that are fragmented throughout the literature, (ii) novel metrics to quantitatively evaluate technique effectiveness, and (iii) a real-world incident case analysis. These components collectively investigate compliance-enhancing psychological techniques, evaluate their application in online social engineering attacks, and empirically compare their effectiveness for academic and practitioner needs. Fig. 1 illustrates the iterative methodology employed in this research. Taxonomy development, metrics creation, and real-world validation work together through feedback loops to refine the framework continuously. This iterative approach mirrors continuous integration and continuous deployment (CI/CD) cycles, ensuring robust and adaptive results. To the best of our knowledge, no prior study has focused on investigating and applying contemporary psychological tactics in social engineering attacks, nor has any sought to compare the efficacy of established techniques. This interdisciplinary approach is poised to enhance our understanding of online social engineering attacks by amalgamating insights from both disciplines.
In summary, understanding the psychological techniques used in phishing is crucial, as these techniques form the core of phishing attacks by significantly enhancing the effectiveness of deception. This observation is reinforced by the real-world incidents analyzed in this study, which relied heavily on such psychological techniques. Currently, knowledge at the intersection of cybersecurity and psychology is superficial and fragmented across the literature. Existing research has not sufficiently examined how psychological principles can be applied within information security, nor has it assessed their impact on the success of cyberattacks. With the continuous proliferation of attack vectors in online environments (Krombholz et al., 2015) and a prevailing focus on technical countermeasures, the current state of research fails to provide an adequate defense against phishing (Enrici et al., 2010; Schneier, 2015). Just as risk management principles suggest addressing the most severe risks first, it is necessary to identify and prioritize the most effective deceptive techniques. Since no suitable metrics previously existed, this study introduces new metrics to characterize and rank these techniques by their effectiveness under various circumstances discussed in Section 5, thereby allowing for an assessment of their relative severity.
In terms of practical implications and potential applications, this research offers cybersecurity professionals a comprehensive toolkit of psychological techniques, each evaluated for its effectiveness across different tasks. Newly emerging techniques can be rigorously measured and compared against established methods using the proposed framework. By evaluating and comparing emerging methods using this framework, practitioners can optimize training and improve detection solutions leveraging Natural Language Processing (NLP) and LLMs. This approach enables the incorporation of psychological techniques into State-of-the-art (SOTA) phishing detection, ultimately increasing accuracy.
Overall, this article makes the following contributions:
• A thorough, comprehensive taxonomy of psychological techniques correlated with online social engineering attacks is introduced.
• An analysis of real-world applications by identification and discussion of the implementation of psychological techniques in the most prominent real-life attacks.
• Novel metrics to evaluate the effectiveness of psychological techniques in a systematic and standardized way. Using these metrics, an effectiveness comparison of existing techniques across varying initial compliance circumstances has been performed. This approach not only enables a robust assessment of newly emerging techniques but also reveals critical insights into each technique’s effectiveness under different compliance scenarios, as well as its comparative efficacy relative to others. The results were validated through comparison with previous literature (Bullée, Montoya, Pieters, Junger, & Hartel, 2018).
• Future research directions have been identified and analyzed to drive much-needed research in the cross-disciplinary field of cybersecurity and psychology.
The remainder of this article is organized as follows. Section 2 provides a brief overview of related research and identifies its limitations. Section 3 delves into the analysis of psychological techniques. Section 4 explores the application of these techniques in specific online social engineering attacks. Their effectiveness is then compared in Section 5. Section 6 discusses the findings, research limitations and future research directions. Finally, Section 7 offers concluding remarks.
2. Related work
Various related works, spanning from 1952 to the present, have been examined in this research, as summarized in Table 1. The literature review was conducted using a methodical approach to identify and compile all relevant works on compliance and conformity across multiple domains. Searches were performed primarily on Google Scholar and other academic databases (e.g. ACM Digital Library, ScienceDirect, IEEE Xplore, SpringerLink, arXiv), employing a broad range of keywords, including but not limited to compliance, conformity, persuasion, deception, social engineering, phishing, marketing psychology, behavioral psychology, and social psychology. No temporal limits were imposed. Specifically, we included only English-language works and prioritized peer-reviewed journal articles, conference proceedings, and academic books. Empirical studies were required to present original data on compliance/conformity phenomena; purely theoretical or opinion pieces without empirical support were excluded. The reviewed materials include journal articles, books, conference papers, and academic and non-academic sources. Inclusiveness served as the primary selection criterion, aiming to incorporate every documented technique and study related to compliance and conformity phenomena potentially applicable in online contexts. Cross-referencing and snowballing techniques ensured comprehensiveness, and references from key papers were examined. This final collection of literature embodies an interdisciplinary array of studies drawn from fields such as psychology, cybersecurity, and marketing. This section highlights the most relevant and significant works to identify existing gaps and emphasize the unique contributions of this research.
In Bullée et al. (2018), the authors analyze and dissect social engineering attacks found in literature works such as books or novels. The study categorizes techniques based on Cialdini’s principles (Cialdini, 1984) and depicts the procedures used on each attack step in a tree form. However, a limitation of this work is that the analysis is not based on human participants and is limited to the specific techniques described in Cialdini’s work.
Another study specializing in Internet scams (Muscanell et al., 2014) is also based on Cialdini’s principles (Cialdini, 1984). For each principle, the study analyses why individuals fall victim to Internet scams. Nevertheless, it does not incorporate any up-to-date techniques or present any data from psychological experiments that depict the effectiveness of different techniques.
In Krombholz et al. (2015), a taxonomy of known social engineering attacks is made based on the type of the attack, the channel through which it is carried, and the operator of the attack. The study also provides an overview of attack vectors and a discussion of real-world incidents. Even so, in this study, the psychological dimension is not considered, and no precautions to prevent or mitigate social engineering attacks are proposed.
Studies from the marketing field analyze how the consumer can be manipulated and how the unconscious influences their decision-making process respectively (Dijksterhuis et al., 2005; Newell & Shanks, 2014). Nonetheless, those studies are unrelated to social engineering and focus specifically on the consumer’s psychology and the unconscious, respectively.
Another study analyzes how psychological dimensions have been taken into consideration in the recent literature on information security (Enrici et al., 2010). The study concludes that “it is hard to say that the psychological dimension of IT security may be considered nowadays a field of research”. The study points out that the psychological dimension is usually omitted in information security and, therefore, highlights the importance of investigating the psychological dimension of security to avoid it being the weakest link that allows the chain of security to break. This study remarks on the lack of attention given to the psychological dimension without discussing any psychological techniques.
In Ferreira and Teles (2019), the authors study a sample of 194 phishing emails dated 2008–2017 to identify persuasion principles and present a method to define a tool for automated identification of principles of human persuasion. This research is based on NLP and does not analyze the techniques psychologically or gauge their effectiveness. Similarly, in Stojnic, Vatsalan, and Arachchilage (2021), the authors study phishing emails using NLP, topic modeling and clustering. There is a comparison between phishing and regular emails as well as topic words defined based on Gragg’s psychological triggers (Gragg, 2003). This article does not study the psychological techniques, but rather the emails based on a subset of the techniques.
To summarize, existing work focuses on specific persuasion techniques, mostly from a psychological standpoint. Unfortunately, existing research lacks investigation into how those techniques can be applied in the information security field and fails to compare the techniques based on effectiveness. In order to address those limitations, this study includes a meta-analysis of psychological techniques based on empirical data, compares the effectiveness of the techniques using new metrics defined in this article, and examines how the techniques can be used in online social engineering attacks.
3. Taxonomy of psychological techniques
A systematic review and empirical analysis of several psychological techniques scattered throughout the literature provides a self-contained summary of each technique, its category, and empirical data from past experiments. The techniques included in this study represent a comprehensive collection of all compliance and conformity techniques identified across different sub-domains of psychology, including behavioral, social, and marketing psychology. Apart from the psychological domains that were deemed pertinent to social engineering, no additional selective criteria were applied, ensuring the taxonomy captures the full range of documented approaches. The results of the experiments have been formatted into tables and figures that are easy to comprehend, providing a dense and compact visualization of each technique’s empirical outcomes and effectiveness. This approach facilitates a deeper investigation into how these techniques can be deployed in social engineering attacks (Section 4) and supports their subsequent comparison (Section 5). The taxonomy is depicted in Fig. 2 and further elaborated in this section.
3.1. Gender, culture, and individual characteristics
This section examines the influences of gender, culture, and individual characteristics on conformity and persuasion. We explore how different genders react within different contexts and analyze individual traits such as self-esteem, age, and affiliation, to understand their impact on persuasive outcomes. This analysis aims to highlight the complex interplay between personal and societal factors that shape behavioral responses and influence techniques in human interactions.
3.1.1. Gender and culture
The role of gender in conformity has been investigated in several studies (Abroshan, Devos, Poels, & Laermans, 2021; Cooper, 1979; Eagly, 1978; Eagly, Wood, & Fishbaugh, 1981). There is a difference regarding the conformity of men and women, where based on previous research (Abroshan et al., 2021; Bond & Smith, 1996; Cooper, 1979), women are more likely to conform than men, however the scenario at hand is an important factor. More specifically, some research has found that women are more likely to conform to group norms and expectations than men, especially when it comes to matters of social etiquette and appearance, while men may be more likely to conform to group norms and expectations in situations where there is a clear hierarchy, or a need to assert dominance (Jhangiani & Tarry, 2022). However, the cultural setting of the surveys has been noted to be significantly related to conformity (Bond & Smith, 1996). Notably, conformity was greater in more collectivist than in individualist countries. Factors such as socialization, expectations, and power dynamics play an essential role. It is interesting to note that men are less likely to conform when they are observed (Eagly, 1978; Eagly et al., 1981), possibly to be compatible with their societal role as independent and confident, or to try to influence the rest of the group (Eagly et al., 1981). Later studies have shown that men resist conformity in order to demonstrate their quality as mates when they are being persuaded after having romantic thoughts and sexual attraction (Griskevicius, Goldstein, Mortensen, Cialdini, & Kenrick, 2006).

Table 1
Overview of the reviewed literature.
| Type | Title | Year | Domain |
|---|---|---|---|
| Journal Article | Group forces in the modification and distortion of judgments | 1952 | Psychology |
| Journal Article | Opinions and social pressure | 1955 | Psychology |
| Journal Article | Studies of independence and conformity: I. A minority of one against a unanimous majority | 1956 | Psychology |
| Journal Article | Compliance, identification, and internalization three processes of attitude change | 1958 | Psychology |
| Journal Article | Compliance without pressure: The foot-in-the-door technique | 1966 | Psychology |
| Journal Article | Note on the drawing power of crowds of different size | 1969 | Psychology |
| Book | Social Psychology | 1969 | Psychology |
| Book | Social influence, conformity bias, and the study of active minorities | 1972 | Psychology |
| Miscellaneous | Obedience to authority: An experimental view | 1974 | Psychology |
| Journal Article | Reciprocal concessions procedure for inducing compliance: The door-in-the-face technique | 1975 | Psychology |
| Journal Article | Effects of Physical Attractiveness, Sex and Sex-Role on Trait Attributions | 1977 | Psychology |
| Journal Article | Low-ball procedure for producing compliance: Commitment then cost | 1978 | Psychology |
| Journal Article | Sex differences in influenceability | 1978 | Psychology |
| Journal Article | The mindlessness of ostensibly thoughtful action: The role of placebic information in interpersonal interaction | 1978 | Psychology |
| Book | The jigsaw classroom | 1978 | Psychology |
| Journal Article | Statistically combining independent studies: A meta-analysis of sex differences in conformity research | 1979 | Psychology |
| Miscellaneous | The Effects of Overt Head Movements on Persuasion: Compatibility and Incompatibility of Responses | 1980 | Psychology |
| Journal Article | Sex differences in conformity: Surveillance by the group as a determinant of male nonconformity | 1981 | Psychology |
| Journal Article | Sex of researchers and sex-typed communications as determinants of sex differences in influenceability: a meta-analysis of social influence studies | 1981 | Psychology |
| Journal Article | The Perception of Androgyny and Physical Attractiveness | 1983 | Psychology |
| Book | Influence: The psychology of persuasion | 1984 | Psychology |
| Journal Article | Increasing compliance by improving the deal: The that’s-not-all technique | 1986 | Psychology |
| Book | The robbers cave experiment: Intergroup conflict and cooperation. [Orig. pub. as Intergroup conflict and group relations] | 1988 | Psychology |
| Journal Article | The Attractiveness of Gender-Typed Traits at Different Relationship Levels: Androgynous Characteristics May Be Desirable after all | 1994 | Psychology |
| Journal Article | Culture and conformity: A meta-analysis of studies using Asch’s (1952b, 1956) line judgment task | 1996 | Psychology |
| Journal Article | Influence of persuader gender versus gender of target on the selection of compliance-gaining strategies | 1996 | Psychology |
| Journal Article | The chameleon effect: The perception–behavior link and social interaction | 1999 | Psychology |
| Journal Article | Implicit cognition and the social unconscious | 2002 | Psychology |
| Book | The art of deception: Controlling the human element of security | 2003 | Cybersecurity |
| Journal Article | The chameleon effect as social glue: Evidence for the evolutionary significance of nonconscious mimicry | 2003 | Psychology |
| Journal Article | A multi-level defense against social engineering | 2003 | Cybersecurity |
| Journal Article | The Unconscious Consumer: Effects of Environment on Consumer Behavior | 2005 | Psychology |
| Journal Article | Unconscious manipulation of free choice in humans | 2006 | Psychology |
| Journal Article | Going along versus going alone: when fundamental motives facilitate strategic (non) conformity | 2006 | Psychology |
| Book | Influence: The psychology of persuasion | 2007 | Psychology |
| Journal Article | Social engineering: Exploiting the weakest links | 2008 | Cybersecurity |
| Miscellaneous | Obedience to authority | 2009 | Psychology |
| Journal Article | Persuasive systems design: Key issues, process model, and system features | 2009 | Psychology |
| Conference Paper | A psychological approach to information technology security | 2010 | Cybersecurity |
| Journal Article | Peer influence: neural mechanisms underlying in-group conformity | 2013 | Psychology |
| Journal Article | Weapons of Influence Misused: A Social Influence Analysis of Why People Fall Prey to Internet Scams | 2014 | Interdisciplinary |
| Journal Article | Unconscious influences on decision making: A critical review | 2014 | Psychology |
| Journal Article | Advanced social engineering attacks | 2015 | Cybersecurity |
| Book | Secrets & Lies: digital security in a networked world | 2015 | Cybersecurity |
| Conference Paper | Managing Social Engineering Attacks-Considering Human Factors and Security Investment | 2015 | Cybersecurity |
| Journal Article | Effects of Group Pressure Upon the Modification and Distortion of Judgments | 2016 | Psychology |
| Miscellaneous | Austrian Aeronautics Company Loses Over €42 Million to BEC Scam. | 2016 | Cybersecurity |
| Journal Article | On the anatomy of social engineering attacks-A literature-based dissection of successful attacks | 2017 | Interdisciplinary |
| Journal Article | The Influence of the Avatar on Online Perceptions of Anthropomorphism, Androgyny, Credibility, Homophily, and Attraction | 2017 | Psychology |
| Journal Article | Social engineering in cybersecurity: The evolution of a concept | 2018 | Cybersecurity |
| Journal Article | Hacking the human: The prevalence paradox in cybersecurity | 2018 | Interdisciplinary |
| Journal Article | Virtuous human hacking: The ethics of social engineering in penetration-testing | 2019 | Cybersecurity |
| Journal Article | The Influence of Age, Gender, and Cognitive Ability on the Susceptibility to Persuasive Strategies | 2019 | Psychology |
| Journal Article | Social engineering attacks: A survey | 2019 | Cybersecurity |
| Miscellaneous | Lithuanian Man Sentenced To 5 Years In Prison For Theft Of Over $120 Million In Fraudulent Business Email Compromise Scheme | 2019 | Cybersecurity |
| Journal Article | Persuasion: How phishing emails can influence users and bypass security measures | 2019 | Interdisciplinary |
| Journal Article | Group Conformity in Social Networks | 2019 | Psychology |
| Journal Article | Human cognition through the lens of social engineering cyberattacks | 2020 | Interdisciplinary |
| Miscellaneous | Analysis and Usage of Penetration Testing Tools | 2021 | Cybersecurity |
| Miscellaneous | 7 of the biggest phishing scams of All time | 2021 | Cybersecurity |
| Journal Article | Phishing email strategies: Understanding cybercriminals’ strategies of crafting phishing emails | 2021 | Cybersecurity |
| Journal Article | Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process | 2021 | Interdisciplinary |
| Book | Principles of Social Psychology-1st International H5P Edition | 2022 | Psychology |
| Miscellaneous | Stanley Milgram Shock Experiment: Summary, Results, & Ethics | 2022 | Psychology |
| Miscellaneous | 5 of the most expensive phishing scams in history | 2022 | Cybersecurity |
| Miscellaneous | Office 365 phishing attack impersonates the US Department of Labor | 2022 | Cybersecurity |
| Miscellaneous | Obedience To Authority In Psychology | 2023 | Psychology |
| Miscellaneous | What is conformity? | 2023 | Psychology |
| Miscellaneous | The milgram shock experiment | 2023 | Psychology |
| Miscellaneous | Robbers Cave Experiment \| Realistic Conflict Theory | 2023 | Psychology |
| Miscellaneous | 5 worst whaling attacks: Whale phishing | 2023 | Cybersecurity |
| Miscellaneous | 15 examples of real social engineering attacks | 2023 | Cybersecurity |

Fig. 2. Analysis and taxonomy of psychological techniques tree of contents.
Aside from that, there has been evidence to show that different techniques are more effective when used against different genders (Abdullahi, Oyibo, Orji, & Kawu, 2019) and that the combination of sexes of the persuader and persuadee is also important (Hertzog & Scudder, 1996). Abdullahi et al. (2019) conclude that males are more likely to be susceptible to social learning,¹ while females are more likely to be susceptible to reward² and trustworthiness.³ All definitions of social learning, reward and trustworthiness are based on Oinas-Kukkonen and Harjumaa (2009). According to Hertzog and Scudder’s research (Hertzog & Scudder, 1996), men use impersonal commitments and expertise to persuade women while they prefer punishing and expertise in some cases to have other men conform. On the other hand, women tend to use mainly impersonal and sometimes personal commitments when persuading men, while they shift to a combination of mostly expertise accompanied by personal commitments and rewards to persuade other women. To the best of our knowledge, based on the literature reviewed to date there have been no further studies that expand upon or update the findings of gender combinations in persuasion.
¹ A persuasive strategy that allows a user to observe the behaviors of others in the hope that they will be influenced in one way or the other to behave in a similar way.
² Offering incentives to users for performing a target behavior.
³ The strategy to motivate users to adopt and/or use a system by enhancing their perceived trust in the system and the services it offers.
Hertzog and Scudder’s study (Hertzog & Scudder, 1996) included 120 students (46 males and 76 females) who were asked to write in detail about the most recent instance in which they had to persuade someone else to comply. The experiment showed that persuader-target gender pairings affect compliance rates. Specific suitability metrics of different approaches for different gender combinations can be found in the study.
3.1.2. Individual characteristics
The characteristics of the person being persuaded affect the success rate of the persuasion mechanism and in turn the efficacy of the social engineering attacks. The following individual characteristics matter when persuading someone (Jhangiani & Tarry, 2022):
Self-esteem: Lower self-esteem creates a higher need to belong, which in turn increases the need for approval, thus increasing conformity.
Age: People below 40 are more likely to be influenced.
Affiliation: People affiliated with the group creating conformity are likelier to conform.
It is important to note that the effect of a person’s individual characteristics on conformity is less relevant than that of social variables. Increasing the unanimity or the number of the group has more significant effects on the compliance rate.
3.1.3. Androgyny
Androgynous people are often perceived more favorably than traditionally sex-typed or sex-reversed roles according to several studies (Green & Kenrick, 1994; Jackson, 1983; Major & Deaux, 1977; Nowak & Rauh, 2017). Androgyny seems to have a greater positive impact for women, who were evaluated higher in all dimensions, than it does for androgynous men, who were rated less assertive and masculine (Major & Deaux, 1977), although the findings of Green and Kenrick (1994) show similar favorability for androgynous male and female targets compared to their traditionally gender-typed⁴ roles. Green and Kenrick’s experiment included four gender-type combinations (i.e., androgynous, masculine, feminine, and undifferentiated) and two variables (i.e., instrumentality—consisting of traits such as being independent, active, competitive, decisive, never giving up, superior, standing up well under pressure, self-confident and expressiveness—consisting of traits such as being emotional, devoted to others, gentle, kind, aware of feelings of others, understanding, helpful, warm). The different combinations can be found in Table 2.
Participants, consisting of 135 females and 86 males, completed a Personal Attributes Questionnaire (PAQ) for each of the four gender-type combinations. Subsequently, they were instructed to assess the attractiveness of the depicted individuals using a scale ranging from 1 to 9. This process was repeated, with participants providing information regarding the individuals’ instrumentality or expressiveness traits while withholding any contradictory details from the questionnaire. The findings revealed a preference for targets exhibiting high instrumentality and high expressiveness. Female participants ranked males with high expressiveness and low instrumentality as their second choice, contrary to the expected preference for gender-typed males with high instrumentality and low expressiveness. Fig. 3 provides a visual summary of the experiment’s results included in Table 3, with the y-axis denoting participants’ ratings of the desirability of individuals across different gender types.
⁴ Behaviors, traits, and social roles commonly associated with a specific gender in society, often perpetuated through cultural norms and socialization processes.

Table 2
Level of instrumentality and expressiveness of different type of people (s symbol is used for high and symbol for low).
| Profile | Instrumentality | Expressiveness |
|---|---|---|
| Androgynous | s | s |
| Masculine | s | |
| Feminine | | s |
| Undifferentiated | | |

Table 3
Results of the androgyny experiment.
| | Instrumentality: Low | Instrumentality: High | Expressiveness: Low | Expressiveness: High |
|---|---|---|---|---|
| Male | 4.55 | 6.68 | 3.61 | 7.25 |
| Female | 2.6 | 6.81 | 3.01 | 7.16 |

Fig. 3. Androgyny as a determinant in influenceability (Green & Kenrick, 1994).
3.1.4. Avatars
People often represent themselves online in today’s society. Anthropomorphic avatars were viewed as more attractive and credible (Nowak & Rauh, 2017). Feminine avatars were reported to be more attractive compared to masculine avatars. With many social engineering attacks occurring online, such as phishing attacks performed via social media or messaging platforms, the avatar of choice of the attacker could play a role in the performance of the attack.
3.2. Groups
People’s interaction in group settings has been observed to heavily affect their reasoning. People tend to conform when imposed with the pressure of a group’s opinion (Asch, 1952, 1956, 2016). This has also been observed in online settings, as seen in the research of Morrison and Naumov (2019). Further studies have used functional magnetic resonance imaging (fMRI) technology to explore the underlying mechanisms that cause this behavior, which confirmed this observation (Stallen, Smidts, & Sanfey, 2013). Solomon Asch’s experiments focused on just that. The participant was placed in a group and was asked to match the length of each given line to any of three possible answers. There were 18 trials, 12 of which were critical (where the group gave a unanimous erroneous answer). Everyone else in the group gave a contradicting—while obviously incorrect—answer. Asch’s study included 50 male participants in the Critical/Experimental group and 37 male participants in the control group. The results of the Experimental Group were the following:
• Never conformed: 26%
• Conformed on at least one trial: 74%
• Always conformed: 5%
• Average conformity: 32% of the critical trials (192 errors on 600 trials)
• All errors of the critical group were towards the estimation of the majority
• Control group error rate: 1 person made 1 error; 1 person made 2 errors. There were a total of 3 errors in 37 ⋅ 12 = 564 trials (0.54% error rate)
Further experiments (Asch, 1956) conducted by Asch, such as related experiments on drawing the attention of passersby Milgram, Bickman, and Berkowitz (1969), show that the optimal group size (without including the target of the experiment) is three to five individuals as shown in Fig. 4. The group’s unanimity is highly significant; the presence of an “ally” in the group (who always answered correctly) drastically drops the levels of conformity as illustrated in Fig. 5.

Fig. 4. Group size as a determinant in influenceability (Asch, 1955).
3.3. Placebic and real information
Three different experiments were conducted to test the mindfulness and consciousness of the participants’ social behavior by receiving different communications with the following properties (Langer, Blank, & Chanowitz, 1978):
• Semantically sensible or not
• Structurally consistent with previous experience or not
• Requesting an effortful response or not
Fig. 5. Group unanimity as a determinant in influenceability (Asch, 1955).

Table 4
Results of the xerox copying machine experiment.
| | Request | Placebic | Real |
|---|---|---|---|
| Small (5 pages) | 60% (9/15) | 93% (14/15) | 94% (15/16) |
| Large (20 pages) | 24% (6/15) | 24% (6/15) | 42% (10/24) |
In the following sections, we analyze these experiments to gain insights regarding placebic information, congruity, and requested effort in persuasion.
3.3.1. Xerox copying machine
For the first experiment regarding placebic information, the experimenter sat at a table in the library where they had a clear view of the copier. When a participant used the copier and placed their material on the machine, the experimenter approached them right before they deposited the money to begin copying. The participant asked the experimenter to use the machine first to copy 5 or 20 pages. If the experimenter had fewer pages to copy than the participant, this constitutes a small favor. Otherwise, the favor is considered to be large.
The experimenter used three different phrases to perform the request:
• Request: “Excuse me, I have (5/20) pages. May I use the xerox machine?”
• Placebic information: “Excuse me, I have (5/20) pages. May I use the xerox machine, because I have to make copies?”
• Real information: “Excuse me, I have (5/20) pages. May I use the xerox machine, because I’m in a rush?”
The results of the experiment can be summarized in Table 4, as well as on Fig. 6:
The experiment shows that, for small requests, people accept placebic information as an equally valid reason as real information and are more likely to comply. When the favor becomes larger, the offender needs to incorporate real information to urge the victim to comply. The offender can manipulate their victim into complying using either placebic information for a small request or relevant information in favors of a greater scale.
Fig. 6. Xerox copying machine compliance rate.

Table 5
Results of the questionnaire experiment (Congruity).
| | High Status | Random Status |
|---|---|---|
| Congruent | 55% (11/20) | 20% (4/20) |
| Incongruent | 32% (6/19) | 37% (7/19) |

Table 6
Results of the questionnaire experiment (All Combinations).
| | High status: Personal | High status: Impersonal | Random status: Personal | Random status: Impersonal |
|---|---|---|---|---|
| Demand | 33% (3/9) | 40% (4/10) | 44% (4/9) | 20% (2/10) |
| Request | 70% (7/10) | 30% (3/10) | 20% (2/10) | 30% (3/10) |
3.3.2. Questionnaire in the mail
For the second study on placebic information, eighty (80) randomly selected participants were mailed a questionnaire containing five unimportant questions. The participants were of different status (Langer et al., 1978):
• 40 of the participants were from the Manhattan telephone directory.
• 40 of the participants were from the “Physicians” section of the Manhattan Yellow pages.
The conditions of every letter varied between congruent/incongruent, request/demand, personal/impersonal, creating 2 × 2 = 4 combinations:
• Request: “I would appreciate it if you would fill out the attached questionnaire and return it in the enclosed envelope to me by September 10”.
• Demand: “The attached questionnaire is to be filled out and returned by September 10”.
• Personal: The letter was signed “Thank you for your help, George L. Lewis”.
• Impersonal: The letter was without any signature.
The letters are characterized as congruent/incongruent based on the congruity of the request/demand and personal/impersonal variables:
• Congruent: Either a personal request or an impersonal demand
• Incongruent: Either a personal demand or an impersonal request
The results of the experiment can be summarized in Tables 5 and 6, as well as on Figs. 7 and 8:
Personal style seems to have had a higher average success rate for high-status and random-status participants and would be the go-to method for an offender. Personal requests had an incredible success rate against high-status targets, while personal demands had the same effect on random-status targets. High-status targets are more volatile to congruent conditions. Random status targets are unaffected by conditions.

Fig. 7. Questionnaire compliance rate with respect to congruity.
Fig. 8. Questionnaire compliance rate 2 × 2 matrix.

Table 7
Results of the secretary memo experiment.
| | Personal | Impersonal |
|---|---|---|
| Demand | 60% (6/10) | 50% (5/10) |
| Request | 70% (7/10) | 90% (9/10) |
3.3.3. Secretary memoranda
For the third experiment on placebic information, eighty-three (83) memoranda were first collected from waste baskets of 20 secretaries at the Graduate Center on the premises of the City University of New York (Langer et al., 1978). The majority (68%) of the memoranda had an impersonal request structure, while the remaining 32% were evenly distributed between the remaining categories. Thus, the congruent form of this experiment was made up of solely impersonal requests. The other three possibilities, impersonal demands, personal requests, and personal demands, were viewed as incongruent.
For this experiment, 40 secretaries at the Graduate Center were sent a memorandum through office mail. The email forms were requests/demands in personal/impersonal form:
• Request: “I would appreciate it if you would return this paper immediately to Room 238 through interoffice mail”.
• Demand: “This paper is to be returned immediately to Room 238 through interoffice mail”.
• Personal: “Sincerely, John Lewis”.
• Impersonal: Simply had a number (R374021-A) appended after the message.
The experiment’s goal was similar to that of the second experiment: to examine how different conditions affect the percentage of participants who returned the memo. The results can be summarized in Table 7 and Fig. 9.
The percentage of participants that returned the memo in congruent conditions (impersonal request: 90%) compared to the participants in incongruent conditions (mean of other conditions: 60%) were shown to be significantly different using 0 and 1 scores (𝑡(38) = 1.78, 𝑝 < .05).

Fig. 9. Secretary compliance rate with respect to conditions.

People tend to comply more when faced with a request rather than a demand. People are much more likely to comply with a request congruent with their actions’ regular conditions. An offender can maximize the effectiveness of a social engineering attack by studying the victim’s conditions to plan the attack accordingly, using the proper request style.
3.4. The prevalence effect
The prevalence effect is the psychological phenomenon that rare signals are harder to detect, even when taking into account their significantly low probability of occurring. In fact, as the signal probability diminishes, the accuracy with which one can recognize the signal decays logarithmically (Sawyer & Hancock, 2018).
An experiment to show how the prevalence effect can be applied to social engineering, particularly phishing, was executed. The participants received emails for a specific period, asking them to either download a PDF file or upload an existing one. After reading an email in their inbox, the participants of the study could perform one of the following three actions:
• Download attachments.
• Reply and upload their own attachments.
• Report said message as possibly malicious.
The nature of the emails was one of the following:
• Legitimate: Sent from email addresses under a specific domain ending in “.com”.
• Malware: The file attached would be an executable (.exe) file instead of a .pdf file.
• Phishing: The email would have a sender address with the “. ” top-level domain instead.
The participants were divided in three (3) different groups, with the signal probability being 1%, 5%, 20% respectively. The signal probability was not known to them, and the emails were evenly distributed between upload and download tasks. The measurements made to estimate the participants’ performance were in regards to their rate of reported malicious emails per total amount of malicious emails (accuracy), as well as the average time spent per email (response time). The results of the experiment are presented visually in the research of Sawyer and Hancock (2018), comparing the performance indicators—response accuracy and response time—of every group with a different signal probability (SP), as well as the response accuracy with respect to different SP.
The results show that the participants of the low signal probability group (1% SP) detected malicious emails at a significantly lower rate despite allocating more time to decide for each email. Furthermore, the logarithmic fit of the data retrieved from the experiment is better than the linear fit, suggesting that, as seen in past research regarding the prevalence effect, the pattern found is one of logarithmic decay of accuracy as signal probability (SP) approaches zero (Sawyer & Hancock, 2018).
The prevalence paradox is that having a well-configured email filtering system reduces the signal probability of a malicious email being sent to an employee, and therefore, the employee has an ever-increasing chance to detect the remaining malicious emails the better the filtering system is (Sawyer & Hancock, 2018).
3.5. Principles of persuasion
The principles of persuasion are properties of the offender that can influence the target’s behavior, increasing the odds of compliance to the offender’s favor (Bullée et al., 2018). The principles constitute the following (Cialdini, 2007): (𝑖) reciprocity, (𝑖𝑖) scarcity, (𝑖𝑖𝑖) authority, (𝑖𝑣) commitment & consistency, (𝑣) liking, and (𝑣𝑖) conformity (social proof/unity).
3.5.1. Reciprocity
The technique of reciprocity involves the offender giving something in return. This puts the offender in an advantageous position as the target feels indebted to the requester for their gesture, even though the actual gift might be insignificant. This allows the offender to implement quid pro quo attacks. The Latin expression “quid pro quo” translates directly to “something for something” and implies an exchange of services or goods. The victim is made to believe that the exchange is fair, but the benefit of the attacker is significantly greater (Stylianou, 2021). Two main techniques utilize this technique, the Door-in-the-face technique and the That’s-not-all technique.
Door-in-the-Face technique (DitF). A typical technique under this category is the DitF technique. When performing this technique, the persuader initially makes an unrealistic request that the respondent turns down and then makes a more reasonable request the respondent will feel compelled to accept, as they feel they owe the persuader. Cialdini performed three experiments (Cialdini et al., 1975) to test the effectiveness of this technique.
In the study’s first experiment, 72 participants of both sexes strolling alone through university walkways in the daytime were selected. Either of the following requests were made by the experimenter:
• Large request: If they would like to be considered for working as voluntary, nonpaid counselors at the County Juvenile Detention Center (2 h/week for at least 2 years).
• Small request: If they would like to be considered for working as voluntary, nonpaid chaperones for a group of children from the County Juvenile Detention Center on a trip to the zoo (2 h of one afternoon or evening).
Three different conditions were studied:
• Smaller Request Only Control Condition: Participants were only asked to perform the small request.
• Exposure Control Condition: Participants heard both requests and were then requested to perform either.
• Rejection-moderation Experimental Condition: Participants heard the extreme request first, and after refusing, the experimenter elaborated on the smaller request after saying “Well, we also have another program you might be interested in then”.
Considering no participant agreed to the large favor, the experiment’s results regarding the small favor can be summarized in Table 8 and Fig. 10.
Table 8
Results of the Door-in-the-face experiment 1.
| | Smaller request only | Exposure | Rejection-moderation (DitF) |
|---|---|---|---|
| Compliance % | 16.7% (4/24) | 25% (6/24) | 50% (12/24) |

Fig. 10. Compliance using door-in-the-face technique (Experiment 1).

A second experiment was conducted to test whether the participants showed greater compliance due to perceiving asking a smaller favor as a concession by the requester. If this were the case, the participants would not be more compliant if a different person made the smaller second request. For this experiment, 58 males were selected using the same procedure as in the first experiment. Either of the following requests were made by the experimenter:
• Large request: If they would like to be considered for working as voluntary, nonpaid counselors at the County Juvenile Detention Center (2 h/week for at least 2 years).
• Small request: If they would like to be considered for working as voluntary, nonpaid chaperones for a group of “low-income children” on a trip to the zoo (2 h of one afternoon or evening).
The following conditions were studied:
• Smaller Request Only Control Condition: Participants heard the small request only.
• Two-requester Control Condition: Participants heard the extreme request first, and after refusing, the experimenter left, while a different experimenter made the small request, as if he overheard the discussion.
• Rejection-moderation Experimental Condition: Participants heard the extreme request first, and after refusing, the experimenter elaborated on the smaller request.
The experiment results summarized in Table 9 and Fig. 11 show that the concept of concession is important. When the same experimenter conceded, the participants were more inclined to reciprocate the concession.

Table 9
Results of the Door-in-the-face experiment 2.
| | Smaller request only | Two requester | Rejection-moderation (DitF) |
|---|---|---|---|
| Compliance % | 31.5% (6/19) | 10.5% (2/19) | 55.5% (11/20) |

Fig. 11. Compliance using door-in-the-face technique (Experiment 2).
A third experiment was performed to test whether the participants showed greater compliance after being pressured with a second request. For this experiment, 72 participants of both sexes were included, and the following conditions were studied:
• Smaller Request only Control Condition: Identical to the same condition of Experiment 1.
Fig. 23. Classical conditioning.

Table 21
Results of the Chameleon effect experiment.
| | Liking | Smoothness |
|---|---|---|
| Mimicking | M = 6.62 | M = 6.76 |
| No mimicking | M = 5.91 | M = 6.02 |

Fig. 24. The effectiveness of the chameleon effect on liking and smoothness.
The Chameleon Effect. Besides Cialdini’s techniques of gaining likeability, the chameleon effect is also worth considering. The chameleon effect occurs when an individual nonconsciously mimics postures, mannerisms, facial expression of their interaction partners. It has been shown that said mimicry makes interactions smoother as well as increases the liking between the people interacting (Chartrand & Bargh, 1999). During a 15 min session, the participants and the experimenter’s confederates took turns describing what they saw in photographs. Confederates either mirrored the mannerisms of the participant (experimental condition) or performed neutral mannerisms (control condition). The participants were then asked to report how much they liked the confederate and how smoothly the interaction went on a scale from 1 (extremely awkward) to 9 (extremely smooth/likable). The results of the experiment can be summarized in Table 21, as well as in Fig. 24.
It is interesting to note that only 1 out of 37 participants noticed the confederate’s similar mannerisms, but did not realize it was a result of mimicking, saying “it seemed normal”. It has been noted that interpersonal closeness also leads to mimicking. This means that mimicking increases interpersonal closeness, which then increases mimicking, causing a cycle (Lakin, Jefferis, Cheng, & Chartrand, 2003). This further amplifies the potential of this technique in social engineering.
3.5.6. Conformity
There are a total of 4 types of Conformity defined over the years, which include (McLeod, 2023b):
• Three (3) types of conformity distinguished (Kelman, 1958):
  – Compliance: An individual accepts influence in order to get a favorable reaction from a person or group, and avoid disapproval. It is possible for the individual to decline.
  – Internalization: An individual accepts influence for the intrinsic rewards (inherent satisfaction and not external reward). It includes the feeling of accomplishment from beating challenges, satisfying one’s curiosity, having a sense of control and understanding the context and utility of knowledge in real-life situations (Nickerson, 2021).
  – Identification: An individual accepts influence in order to establish or maintain a self-defining relationship to another person or group, such as the guards in the Stanford Prison Experiment which immediately conformed to their role in the experiment.
• An additional type identified by (Mann, 1969):
  – Ingratiational: An individual accepts influence solely to gain acceptance, and peer pressure does not influence their decision to conform.
• There have been two (2) explanations in regards to why people conform (McLeod, 2023b):
  – Normative Conformity: An individual wants to fit in with a group, and has the fear of being rejected. Usually, the individual does not privately accept the views of the group, even though they publicly accept them.
  – Informational Conformity: An individual is unsure regarding the decision at hand and looks to the group for guidance. The individual accepts and internalizes the views of the group.
4. Implementation of psychological techniques in real-life phishing attacks
To achieve this, we first performed exhaustive research across established search engines (e.g. Google, Bing, DuckDuckGo) using targeted keywords such as “notable phishing attacks”, “phishing email attacks”, and “phishing incidents”. For each identified attack, we then determined which psychological techniques from our taxonomy were employed. After conducting a thorough review of documented cyber-attacks from reputable sources (including government reports, legal documents, cybersecurity threat intelligence platforms, and major news outlets), the studied incidents were selected based on the following criteria:
• The incidents are well-documented in public reports, legal findings, and cybersecurity analyses.
• The incidents represent massive financial losses and data leaks.
• The targets constitute large organizations spanning various industries (e.g., technology, manufacturing, pharmaceuticals, government).
• The incidents demonstrate the use of sophisticated psychological manipulation techniques and are representative of the cases studied.
Notable incidents such as the DocuSign phishing campaign (2017),⁷ British Airways breach (2018),⁸ Twitter Bitcoin scam (2020),⁹ Axie Infinity breach (2022),¹⁰ and CircleCI phishing attack (2023)¹¹ were excluded because they either did not align with one or more of these criteria or did not offer additional value to the analysis. As the study aims to investigate the effectiveness of the techniques, incidents are reported in ascending order of financial damage caused by the attack.

⁷ DocuSign (2017) and Krebs (2017).
⁸ BBC News (2018, 2019), Source Defense (2022) and BBC News (2020a).
⁹ Mitnick Security (2020), New York Department of Financial Services (2020), Tessian (2023) and BBC News (2020b).
In 2016, Snapchat faced a phishing email attack that exploited the Authority psychological method (described in Section 3). The target was an HR employee, and the attacker pretended to be the CEO (Authority), asking about employee payroll information. This resulted in a leak of sensitive employee data (Daly, 2021) that fall under Personally Identifiable Information (PII) according to the Department of Labor (U.S. Department of Labor, n. d.).
Speaking of the Department of Labor (DoL), in January 2022, it faced a phishing attack using the techniques Authority, Reciprocity and Scarcity. The attackers imitated the DoL (Authority) to send emails asking recipients to submit their bids on a government project (Reciprocity) in an urgent manner (Scarcity). The recipients were redirected to a Microsoft Office 365 email login page after clicking the bid button, which stole their credentials (Tessian, 2023; Toulas, 2022b).
In 2019, an unnamed UK-based energy firm received a vishing attack (similar to phishing but via phone) using the Authority technique. The CEO received a phone call from an individual that sounded exactly like his boss (Authority), who was the chief executive of their parent company. The audio was constructed using deepfake technology, using AI to construct speech segments based on existing speech samples. The CEO was instructed to transfer 243 thousand dollars to a fraudulent account that was allegedly a Hungarian supplier. This case showcases how advanced technology can be used in cybercrime.
In 2016, an aerospace parts manufacturer “FACC” faced a phishing attack using the Authority technique and suffered a loss of 42 million dollars when the attackers studied the CEO’s writing habits and impersonated his writing style (Authority) to request fund transfers from employees in the finance department (Lichumon, 2023; Purohit, 2022; TrendMicro, 2016).
In 2015, a US-based tech company “Ubiquiti Networks” was defrauded 46.7 million dollars through spear-phishing using the Authority technique. The perpetrators impersonated company executives (Authority), in order to trick employees into transferring funds to accounts they controlled (Daly, 2021; Lichumon, 2023; Purohit, 2022).
In 2014, a US drug company “Upsher-Smith Laboratories” faced a phishing attack employing the Authority technique and lost over 50 million dollars. The attack boiled down to a CEO impersonation scam (Authority) that convinced the accounts payable department to perform a series of fraudulent wire transfers (Purohit, 2022).
Perhaps the most prominent and high-profile case of corporate fraud is the 100 million dollar Google and Facebook Spear Phishing Scam, that employed Authority, Reciprocity, Commitment & Consistency and more specifically the Foot-in-the-door (FitD) approach. This scheme started in 2013 and went on for 2 years. The perpetrator set up a fake computer with a name that resembled a company that was a known hardware supplier to Google and Facebook (Authority). Using forged email addresses that appeared to be from the newfound company, the attackers sent emails to request payments for non-existent supplies and services (Reciprocity). This process was carried out repeatedly for the duration of the attack (Commitment & Consistency, FitD) (Daly, 2021; Department of Justice, 2019; Lichumon, 2023; Purohit, 2022; Tessian, 2023). Table 22 highlights the techniques employed in each of the most notable phishing attacks that have occurred while Fig. 25 provides a timeline of studied attacks.
It is clear that in most cases, social engineering attacks employ some form of Authority to maximize their success rate, especially as the initial technique. This aligns with the findings of Bullée et al. (2018), where the authors analyzed four social engineering books written by social engineers and found that the Authority technique was used in 76 (53.5%) of all 142 documented attack steps. Authority was always one of the two techniques employed when multiple techniques were used simultaneously (27 occurrences). Moreover, from their analysis, we can deduce that Authority was used as the first step (alone or in combination with other techniques) in 56 (75.7%) of the 74 scenarios and as the last step in 29 (82.9%) of the 35 multi-step scenarios.
At least one psychological technique was involved in each notable example, and some attacks combined multiple techniques for added effect. Remarkably, the most financially damaging case, involving Google and Facebook, utilized three of the most potent persuasion principles identified by Cialdini (2007).

¹⁰ Sigalos (2022), Tidy (2022), Toulas (2022a) and Votiro (2022).
¹¹ A.O. Labs (2023) and Perception Point (2023).
5. Effectiveness metrics, comparison and validation
This section delves into an in-depth analysis of the effectiveness of various psychological techniques commonly employed in online social engineering attacks. A comprehensive approach is proposed to evaluate the potency of these techniques, combining novel metrics introduced in this article. This comparative analysis sheds light on the strengths and weaknesses of each technique, providing valuable guidance for researchers and practitioners in both cybersecurity and psychology.
The proposed metrics represent a significant advancement in evaluating psychological techniques in social engineering. They enable a systematic and quantitative assessment of individual methods and offer a novel framework for comparing techniques across diverse scenarios—a contribution largely absent in prior literature. These metrics are highly applicable, balancing real-world insights with proportional effectiveness and providing a holistic perspective that mitigates the limitations of individual measures. Their introduction lays a foundation for future studies to adopt more rigorous and standardized approaches in assessing compliance and conformity techniques, thereby enhancing reproducibility and standardization in this field.
5.1. Defining effectiveness metrics
Based on the analysis of the psychological techniques, this article introduces two primary metrics to gauge their effectiveness in enhancing the success rate of social engineering attacks: the ACR and the RCR. Given that the primary metrics have their strengths and weaknesses, the CCR is proposed, taking into account both primary rates to combine their strengths and mitigate their biases. Below is a detailed description of each metric along with its inherent advantages and drawbacks.
When referring to Compliance Rates (CRs), note that:
• Post-technique CR is the compliance rate using the respective psychological technique (experimental condition).
• Pre-technique CR indicates the initial compliance rate without the introduction of the technique (control condition).
Absolute Compliance Increase Rate (ACR). This metric directly measures the change in compliance between the pre-application and post-application of a technique, without accounting for relative starting points.
The formula for this metric is defined as:
$$\mathrm{ACR}\ (\%) = \text{Post-technique CR} - \text{Pre-technique CR} \tag{1}$$
Pros:
• Intuitive Understanding: This metric offers a direct and easily comprehensible comparison. For example, an increase from 40% to 50% is a 10% absolute increase.
• Volume Insight: Provides a clear picture of the raw number of individuals who became compliant due to the technique.
Cons:
• Baseline Ignorance: The metric does not factor in initial compliance rates. For example, a compliance increase from 5% to 15% is a greater relative shift (200% relative increase) than going from 40% to 80% (100% relative increase), even though the absolute increase is quadruple.
• Potential Misleading Comparisons: In instances where starting compliance varies significantly between studies, this metric might present skewed comparisons.

Fig. 25. A timeline of the studied real-world phishing attacks.

Table 22
Psychological techniques employed in real-life phishing attacks.
| Phishing attack | Year | Psychological technique used | Financial impact |
|---|---|---|---|
| Snapchat Employee Data Leak | 2016 | Authority | N/A |
| DoL Email Impersonation | 2022 | Authority → Scarcity → Reciprocity | N/A |
| Deepfake CEO Fraud | 2019 | Authority | $ 243k |
| FACC CEO Impersonation | 2016 | Authority | $ 42M |
| Ubiquiti Networks Spear-Phishing | 2015 | Authority | $ 46.7M |
| Upsher-Smith Laboratories CEO Scam | 2014 | Authority | $ 50M |
| Google and Facebook Spear Phishing Scam | 2013–2015 | Authority → Commitment & Consistency: FitD → Reciprocity | $ 100M |
Relative Compliance Increase Rate (RCR). This metric measures the proportionate increase in compliance, thus providing insights into the technique’s effectiveness relative to its starting compliance rate (CR).
The formula for this metric is defined as:
$$\mathrm{RCR}\ (\%) = \left(\frac{\text{Post-technique CR} - \text{Pre-technique CR}}{\text{Pre-technique CR}}\right) \times 100 \tag{2}$$
Pros:
• Baseline Consideration: By comparing growth rates, this metric acknowledges and emphasizes the impact of techniques that might triple compliance, for instance, from 5% to 15%.
• Normalized Comparisons: Especially beneficial in our study where initial compliance rates differ across techniques, this metric offers a harmonized comparison platform.
Cons:
• Extreme Ends Deception: At the spectrum’s ends, the metric can overemphasize growth; for instance, a jump from 1% to 2% is a 100% increase but remains marginal in absolute terms.
• Volume Ambiguity: The metric does not inherently illustrate the total number of individuals impacted.
When assessing techniques that have been tested in multiple experiments, it is imperative to compute average values to gain a clear perspective on their efficacy.
• For the Absolute Compliance Rate (ACR):
Given ACRᵢ as the Absolute Compliance Rate of the 𝑖-th experiment and considering 𝑁 experiments, the average ACR can be represented as:
$$\text{Average ACR} = \frac{1}{N}\sum_{i=1}^{N} \mathrm{ACR}_i \tag{3}$$
• For the Relative Compliance Rate (RCR):
Given RCRᵢ as the Relative Compliance Rate of the 𝑖-th experiment and considering 𝑁 experiments, the average RCR is expressed as:
$$\text{Average RCR} = \frac{1}{N}\sum_{i=1}^{N} \mathrm{RCR}_i \tag{4}$$
Such averaging ensures a more comprehensive and balanced view of each technique’s effectiveness, considering all conducted experiments.
To achieve a comprehensive understanding of the techniques’ effectiveness, our analysis integrates insights from both metrics. While the relative rate grants us clarity on the technique’s potency, the absolute rate elucidates its broader, real-world implications. This dual metric approach ensures a balanced evaluation, addressing both the depth of the technique’s impact and its breadth in a wider context.
Comprehensive Compliance Increase Rate (CCR). For a holistic perspective on the efficacy of psychological techniques in driving compliance, the Comprehensive Compliance Increase Rate (CCR) is introduced. This rate amalgamates the insights from both the Absolute and Relative Compliance Increase Rates, attributing equal weights to each. Formally, the CCR can be represented as:
$$\mathrm{CCR} = \frac{1}{2}\left(\text{Average RCR} + \text{Average ACR}\right) \tag{5}$$
The CCR is conceived to harness the strengths of both the absolute and relative metrics, enabling a balanced approach and encompassing evaluation of each technique’s impact on compliance.
Normalized Comprehensive Compliance Increase Rate (nCCR). To further enhance the utility and interpretability of the CCR, a normalized version is introduced, denoted as nCCR. This normalized metric retains the relative effectiveness between different techniques while constraining the values within a bounded range of [−1, 1]. It is thus not only aiding in preserving the essential characteristics of the data but also facilitates a more direct comparison of different compliance techniques. The normalization is achieved through the following mathematical representation:
$$\mathrm{nCCR} = \frac{\mathrm{CCR}}{\max\left(\left|\mathrm{CCR}_{\max}\right|, \left|\mathrm{CCR}_{\min}\right|\right)} \tag{6}$$
where:
• CCRₘₐₓ is the maximum observed CCR value in the dataset.
• CCRₘᵢₙ is the minimum observed CCR value in the dataset.

Table 23
Principles & Techniques effectiveness comparison.
| Technique name | CR initial | CR final | ACR | RCR | ≈RRᵃ | CCR | nCCR | Notes |
|---|---|---|---|---|---|---|---|---|
| Majority Size | 8.60% | 34.25% | 25.65% | 298.26% | 3.98 | 1.619529 | 1 | Majority size 1,2 average vs. 3,4,6,7,9,15 average |
| AUTHORITY | 20.00% | 66.72% | 46.72% | 233.60% | 3.34 | 1.4016 | 0.865 | Initial compliance calculated from the average of variations 11,13. Final compliance calculated from the average of variations 1,2,5,6,8,13a,16,18. |
| COM: Foot-in-the-Door (FitD) | 19.45% | 64.40% | 44.95% | 231.11% | 3.31 | 1.380277 | 0.852 | |
| COMMITMENT & CONSISTENCY | 22.23% | 61.20% | 38.98% | 175.37% | 2.75 | 1.071703 | 0.662 | |
| COM: Low-Ball | 25.00% | 58.00% | 33.00% | 132.00% | 2.32 | 0.825 | 0.509 | |
| REC: That’s-not-All technique (TNA) | 37.08% | 72.03% | 34.95% | 94.27% | 1.94 | 0.646092 | 0.399 | In case of Negotiation and No-negotiation TNA conditions the Negotiation Condition was selected. |
| RECIPROCITY | 32.12% | 62.61% | 30.49% | 94.93% | 1.95 | 0.627098 | 0.387 | |
| REC: Door-in-the-Face technique (DitF) | 27.17% | 53.20% | 26.03% | 95.83% | 1.96 | 0.609308 | 0.376 | Smaller-request-only and Rejection-moderation conditions were selected for initial and final compliance. |
| Congruity (High Status) | 32.00% | 55.00% | 23.00% | 71.88% | 1.72 | 0.474375 | 0.293 | |
| Real Information (Large Favors) | 24.00% | 42.00% | 18.00% | 75.00% | 1.75 | 0.465 | 0.287 | |
| Real Information (Small Favors) | 60.00% | 94.00% | 34.00% | 56.67% | 1.57 | 0.453333 | 0.280 | |
| COM: Request Similarity | 47.60% | 76.00% | 28.40% | 59.66% | 1.60 | 0.440319 | 0.272 | |
| Placebic Information (Small Favors) | 60.00% | 93.00% | 33.00% | 55.00% | 1.55 | 0.44 | 0.272 | |
| Real Information | 42.00% | 68.00% | 26.00% | 61.90% | 1.62 | 0.439524 | 0.271 | |
| Unanimity | 63.00% | 89.00% | 26.00% | 41.27% | 1.41 | 0.336349 | 0.208 | One participant vs. 2 allied participants |
| LIK: Chameleon Effect | 59.65% | 66.90% | 7.25% | 12.15% | 1.12 | 0.097021 | 0.060 | |
| Placebic Information (Large Favors) | 24.00% | 24.00% | 0.00% | 0.00% | 1.00 | 0 | 0 | |
| Congruity (Random Status) | 37.00% | 20.00% | −17.00% | −45.95% | 0.54 | −0.31473 | −0.194 | |

ᵃ Risk Ratios (RRs) can be recovered from RCR as:
$$RR = \frac{\text{Post-Technique CR}}{\text{Pre-Technique CR}} = \frac{\text{Post-Technique CR}}{\text{Pre-Technique CR}} - 1 + 1 = \frac{\text{Post-Technique CR} - \text{Pre-Technique CR}}{\text{Pre-Technique CR}} + 1 = \frac{\mathrm{RCR}\%}{100} + 1 \tag{7}$$
Employing nCCR allows o a nuanced e alua ion ha is g ounded
in he obus analy ical ounda ion p o ided by he CCR while en-
hancing he comp ehensibili y and ease o analysis. I se es o ensu e
ha he g aphical ep esen a ion o he e ec i eness o di e en ech-
niques main ains he o iginal dis ibu ion shape, hus p o iding a
ealis ic and undis o ed pe spec i e on he compa a i e s eng hs o
a ious s a egies in enhancing compliance. I is c ucial o no e ha his
no maliza ion is con ex -speci ic; i addi ional echniques we e o be
in oduced in o he da ase , he nCCR mus be ecalcula ed o accoun
o po en ial changes in CCRmax and CCRmin.
5.2. Effectiveness comparison and validation
A comprehensive summary of the psychological techniques, along with their effectiveness metrics, is presented in Table 23. In addition to our custom nCCR metric, we have computed an approximate Risk Ratio (RR) for each technique. These RRs provide an intuitive multiplier of compliance likelihood (e.g., RR = 3 means “three times more likely to comply”). Because Table 23 entries are aggregated percentages from studies with varying sample sizes—and in some cases only percentages were available—these RRs should be regarded as descriptive approximations rather than precise inferential estimates. Notably, the ordering of the techniques by nCCR is nearly identical to that obtained using RR. To quantify this agreement, we computed Spearman's rank-order correlations between nCCR and RR, ρ = .975, p < .001, and between absolute compliance gains (ACR) and RR, ρ = .624, p = .006. This strong concordance provides additional validation that our composite nCCR metric captures the same underlying effect-size signal as conventional risk-ratio estimates.
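As an added worked example (not code from the paper), the script below recomputes CCR, nCCR and the approximate RR from the average ACR and RCR columns of Table 23 using Eqs. (5) to (7), then measures the rank agreement between nCCR and RR. Function names are this example's own, and the inputs are the table's rounded percentages, so results agree with the table to rounding.

```python
from math import sqrt

# (technique, average ACR in %, average RCR in %), transcribed from Table 23.
TABLE_23 = [
    ("Majority Size", 25.65, 298.26),
    ("AUTHORITY", 46.72, 233.60),
    ("COM: Foot-in-the-Door (FitD)", 44.95, 231.11),
    ("COMMITMENT & CONSISTENCY", 38.98, 175.37),
    ("COM: Low-Ball", 33.00, 132.00),
    ("REC: That's-not-All technique (TNA)", 34.95, 94.27),
    ("RECIPROCITY", 30.49, 94.93),
    ("REC: Door-in-the-Face technique (DitF)", 26.03, 95.83),
    ("Congruity (High Status)", 23.00, 71.88),
    ("Real Information (Large Favors)", 18.00, 75.00),
    ("Real Information (Small Favors)", 34.00, 56.67),
    ("COM: Request Similarity", 28.40, 59.66),
    ("Placebic Information (Small Favors)", 33.00, 55.00),
    ("Real Information", 26.00, 61.90),
    ("Unanimity", 26.00, 41.27),
    ("LIK: Chameleon Effect", 7.25, 12.15),
    ("Placebic Information (Large Favors)", 0.00, 0.00),
    ("Congruity (Random Status)", -17.00, -45.95),
]


def ccr(acr_pct, rcr_pct):
    """Eq. (5): equal-weight mean of average RCR and average ACR (as fractions)."""
    return 0.5 * (rcr_pct / 100.0 + acr_pct / 100.0)


def risk_ratio(rcr_pct):
    """Eq. (7): RR = RCR% / 100 + 1."""
    return rcr_pct / 100.0 + 1.0


def normalise(ccrs):
    """Eq. (6): divide by the largest absolute CCR observed in this dataset."""
    scale = max(abs(max(ccrs)), abs(min(ccrs)))
    if scale == 0:
        raise ValueError("all CCR values are zero; nCCR is undefined")
    return [c / scale for c in ccrs]


def evaluate(rows=TABLE_23):
    """Return {technique: {"ccr", "nccr", "rr"}} for the given rows."""
    ccrs = [ccr(acr, rcr) for _, acr, rcr in rows]
    nccrs = normalise(ccrs)
    return {
        name: {"ccr": c, "nccr": n, "rr": risk_ratio(rcr)}
        for (name, _, rcr), c, n in zip(rows, ccrs, nccrs)
    }


def average_ranks(values):
    """Rank values from 1..n, giving tied values their average rank."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2.0 + 1.0
        i = j + 1
    return ranks


def spearman(x, y):
    """Spearman's rho computed as the Pearson correlation of the ranks."""
    rx, ry = average_ranks(x), average_ranks(y)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    sx = sqrt(sum((a - mx) ** 2 for a in rx))
    sy = sqrt(sum((b - my) ** 2 for b in ry))
    return cov / (sx * sy)


def nccr_rr_agreement(rows=TABLE_23):
    """Rank correlation between nCCR and RR across all techniques."""
    res = evaluate(rows)
    return spearman([r["nccr"] for r in res.values()],
                    [r["rr"] for r in res.values()])


if __name__ == "__main__":
    for name, r in evaluate().items():
        print(f"{name:40s} CCR={r['ccr']:.4f} nCCR={r['nccr']:+.3f} RR={r['rr']:.2f}")
    print(f"Spearman rho (nCCR vs RR) = {nccr_rr_agreement():.3f}")
```

Calling `evaluate(TABLE_23[1:])` drops the Majority Size row and rescales every remaining nCCR, which illustrates why the normalization has to be recomputed whenever the set of techniques changes.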
Fig. 26 illustrates the techniques' effectiveness based on the nCCR data from Table 23, enabling a comparative analysis of Cialdini's principles. In Bullée et al. (2018), a similar comparison was conducted using 74 scenarios extracted from four social engineering books authored by social engineers. For validation, the results of this article were compared with those of Bullée et al. (2018), and the alignment between these findings is shown in Table 24, which highlights the consistency in ranking and ratings observed across both works.
It is interesting that the ranking of the principles in terms of effectiveness from Bullée et al. (2018) based on social engineering books matches the ranking of techniques calculated by our research based on psychological experiments. This validates the results of the literature, pinpoints the potency of each principle of persuasion and confirms the hypothesis that these principles and techniques are the core of social engineering attacks.
6. Discussion, limitations and future research directions
This section discusses the key findings, limitations of the study, and future research directions to enhance our understanding of social engineering tactics and bolster defense strategies.
6.1. Discussion
In the discussion of the findings, it becomes evident that certain psychological principles consistently emerge as potent tools in the social engineer's arsenal. Authority stands out as a highly effective principle, which is supported by previous research and further validated in this study. These findings align with the observations from Bullée et al. (2018), which emphasize the prominence of authority in social engineering tactics, especially as the first or last technique when used in conjunction with other techniques in multiple contacts. The full potential of the Chameleon Effect is in effect when applied to a time frame to take advantage of the cycle of mimicking that increases interpersonal closeness, which then increases mimicking, causing a cycle (Lakin et al., 2003). The effectiveness of this technique would scale well with the amount of contact and the duration of the attack.

Fig. 26. Principles & techniques effectiveness comparison based on nCCR.
Additionally, the majority size technique proves to be remarkably effective, especially in scenarios where the initial compliance rate is low. This technique's effectiveness can be attributed, in part, to the phenomenon of extreme trends deception. It excels in raising compliance rates from a low baseline to around 30%, underscoring its potential as a potent tool for social engineers. Interestingly, even when participants made almost no other mistakes (with a mere 0.54% error rate), they succumbed to the pressure of the majority. This suggests that the majority size technique can be particularly effective in situations where the victim's initial compliance is minimal, making it a valuable choice for social engineers aiming to exploit low base compliance levels. However, it may not be as effective when attempting to further raise compliance in situations where individuals are already reasonably compliant.
Proposing and utilizing novel metrics allows for a comprehensive evaluation of these techniques' effectiveness in diverse scenarios. The findings emphasize the significance of understanding the baseline compliance level when selecting the most suitable technique for a specific situation. Techniques with high Absolute Compliance Rate (ACR) are advantageous when working with a reasonable baseline, capitalizing on already-existing compliance tendencies. Conversely, techniques with high Relative Compliance Rate (RCR) shine in situations with low initial compliance, where they can induce substantial relative increases.

Table 24
Comparison between the principle effectiveness rating between this article and Bullée et al. (2018).

| Principle | nCCR | Compliance rating by Bullée et al. (2018) |
|---|---|---|
| Authority | 0.86 | 62.5% |
| Commitment & Consistency | 0.66 | 45.2% |
| Reciprocity | 0.39 | 41.1% |

When we translate the compliance gains into conventional risk ratios, the top techniques stand out as particularly powerful. For instance, the Majority-Size and Authority cues both yield RRs approaching 4.0, meaning participants are nearly four times more likely to comply after those interventions. In behavioral science, RRs of 2.0 are typically seen as medium effects, while RRs of 4.0 or higher qualify as very large effects (Cohen, 2016; Ferguson, 2016). This underscores that the social-engineering principles that seem most effective by nCCRs also represent robust, real-world-sized impacts. These insights not only enhance the comprehension of social engineering tactics but also offer valuable guidance for security practitioners in selecting and deploying countermeasures tailored to the specific compliance landscape they aim to address.
To reduce individual susceptibility, organizations should implement continuous and engaging security-awareness programs, combining simulated phishing exercises, gamified training modules, and periodic refresher training sessions, to build employees' skills at identifying and resisting common social-engineering ploys (Aldawood & Skinner, 2019; Alshaikh, 2020). At the collective level, fostering a strong information-security culture is critical: visible leadership support for cybersecurity, clear verification policies (e.g. secondary confirmation for unusual requests), and a non-punitive reporting environment encourage employees to question suspicious interactions rather than comply reflexively (Flores & Ekstedt, 2016; Nwankpa & Datta, 2023). These individual-level and organization-level measures form a multilayered defense that directly targets the cognitive biases exploited by attackers in digital contexts.
6.2. Limitations
Understanding the limitations of this research is crucial to contextualize its findings and identify areas for improvement. While the study provides valuable insights into psychological techniques in social engineering, several constraints warrant consideration.
Controlled Experimental Settings. The experiments considered in this article face inherent constraints. Many experiments involve controlled settings with relatively small sample sizes, which may not fully capture the complexities of real-world social engineering scenarios. Additionally, the cultural and contextual factors that can influence the effectiveness of these techniques may not be fully addressed in the selected experiments. Future research should aim to conduct more extensive and diverse studies to validate and generalize the findings.
Real-World Context and Dynamics. A further limitation lies in reliance on controlled experiments, which may not fully encompass the breadth of social engineering tactics employed in practice. Real-world social engineering attacks often involve a combination of techniques, used in different order or in a single step, and attackers frequently adapt their strategies based on evolving trends and technologies. Consequently, the effectiveness of psychological techniques in isolation may not fully represent their real-world impact. Future research could explore more holistic and dynamic approaches, such as analyzing the interplay between multiple techniques and considering the influence of evolving technologies on social engineering. Beyond experimental settings and real-world dynamics, the tools for measuring effectiveness themselves present limitations.
Quantitative vs. Qualitative Measures. The quantitative metrics introduced in this study, while valuable for systematically comparing techniques, inherently capture only a limited view of social engineering's complexity. They describe the relationship between a one-time application of a technique and compliance rates, potentially overlooking non-linear effects. These might include diminishing returns with repeated use or exponential impacts under certain conditions. Moreover, focusing solely on compliance rates does not incorporate participants' reasoning or long-term behavior. These qualitative aspects could provide a richer understanding of the techniques' effectiveness. Additionally, differences in offline and online settings pose further challenges.
Online vs. Offline Contexts. Because many psychological experiments are conducted offline, the derived effectiveness metrics may not accurately reflect the true impact of psychological techniques in online environments. In digital contexts, where physical cues such as body language, facial expressions, tone of voice, and situational context are absent, techniques may play out differently. These cues are often pivotal in establishing trust, conveying authority, and reinforcing message authenticity. Moreover, the asynchronous nature of online interactions, such as email or social media, may reduce immediacy and emotional influence. These factors complicate applying and evaluating techniques in digital settings, underscoring the need for frameworks that address these online-specific challenges.
Demographic and Cultural Gaps. While this study introduces a framework for evaluating the effectiveness of psychological techniques, it does not fully explore how demographic or cultural factors may mediate their impact. Differences in compliance across various age groups, genders, or cultural backgrounds remain unexplored. Addressing these demographic considerations in future research would enhance the applicability of these findings and allow for more tailored defenses against social engineering across diverse populations.
6.3. Future research directions
In addition to the findings presented in this article, there are several directions for future research and practical initiatives to enhance cybersecurity in the face of social engineering threats.
A promising approach is to conduct a real-world face-to-face (F2F) study. This would involve validating and gaining deeper insights into the effectiveness of psychological techniques, as well as using additional techniques which can only be applied in non-online contexts in practical scenarios. Such a study could help bridge the gap between controlled experiments and real-world social engineering attacks, providing valuable insights for security professionals.
Another area of investigation involves in-depth case studies of actual social engineering attacks. Analyzing tactics employed in attacks such as phishing, pretexting, and tailgating can offer a deeper understanding of the underlying psychological principles at play. These case studies can serve as valuable resources for both researchers and organizations seeking to bolster their security measures.
NLP and Large Language Models (LLMs) offer powerful techniques for dissecting psychological manipulation in phishing emails and other written communication-based attacks. By identifying persuasive language, authority appeals, and commitment or reciprocity tactics, NLP can help organizations detect and respond to social engineering attempts more effectively. AI technology can be utilized to train models based on parameters defined by NLP, in order to utilize psychological techniques in social engineering scenarios as well as identify them. This in turn will be a valuable indicator for the detection of social engineering attacks such as phishing emails.
Behavioral analysis is another promising avenue for future research. Exploring the behavioral changes in social engineering victims during and after attacks can reveal patterns that aid in improved detection and response strategies. Understanding how individuals react to different social engineering tactics can inform the development of more targeted countermeasures. The behavior of the victims may be analyzed from a psychological standpoint as well as by harnessing the power of AI technology.
The final point is that the development and implementation of social engineering countermeasures are essential. Practical steps, such as employee training, advanced email filtering systems, and awareness campaigns, can help mitigate social engineering risks within organizations. These countermeasures play a crucial role in strengthening the human element of cybersecurity.
To summarize, while this article provides valuable insights into the effectiveness of psychological techniques in social engineering, there is still much to explore and implement. By pursuing these avenues of research and practical initiatives, we can better protect individuals and organizations from the ever-evolving landscape of social engineering threats.
7. Conclusion
In this study, we delved into the complex world of psychological techniques utilized in online phishing attacks, exploring how these methods exploit human cognitive biases to manipulate individuals. Through rigorous analysis, the study has introduced and validated novel metrics such as Absolute Compliance Increase Rate (ACR), Relative Compliance Increase Rate (RCR), and Comprehensive Compliance Increase Rate (CCR), providing a nuanced framework for quantifying the influence of psychological tactics on compliance behaviors.
The findings reveal the importance of group dynamics in compliance and the importance of the majority size, especially in scenarios with initially low compliance, suggesting it is a necessary phenomenon to acknowledge when designing preemptive defense mechanisms. Similarly, established principles such as Authority and Commitment & Consistency were confirmed as highly impactful, aligning with their noted prevalence in both theoretical and practical domains of social engineering. These insights not only enhance our understanding, but also guide effective countermeasures.
Moreover, by providing a detailed taxonomy of psychological techniques used in notable phishing attacks, this article enriches the existing body of knowledge, offering a resource for cybersecurity professionals seeking to understand the interplay between psychology and security. By correlating these techniques with empirical data from time-honored cornerstone studies, as well as contemporary studies, it paves the way for future research aimed at fortifying digital security infrastructures against the subtleties of social engineering.
Overall, this research underscores the importance of integrating psychological insights into cybersecurity practices. It offers a foundation for developing more effective training programs and defensive measures that address the human element, which is often the weakest link in security chains. The clear demonstration of the effectiveness of various social engineering techniques provides a practical basis for developing training programs and defensive protocols against the increasingly sophisticated world of cyber threats.
CRediT authorship contribution statement
Ioannis Stylianou: Writing – review & editing, Writing – original draft, Visualization, Resources, Methodology, Investigation, Formal analysis, Conceptualization. Panagiotis Bountakas: Writing – review & editing, Supervision. Apostolis Zarras: Writing – review & editing, Supervision. Christos Xenakis: Writing – review & editing, Supervision.
Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgments
This research has been partially funded from the European Union's research and innovation programmes under grant agreements No. 101070214 (TRUSTEE), No. 101119602 (COBALT), No. 101092702 (OASEES), and No. 101120962 (RESCALE). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the Health and Digital Executive Agency. Neither the European Union nor the granting authority can be held responsible for them.
Data availability
No data was used for the research described in the article.
References
Abdullahi, A. M., Oyibo, K., Orji, R., & Kawu, A. A. (2019). The influence of age, gender, and cognitive ability on the susceptibility to persuasive strategies. Information, 10(11), 352. http://dx.doi.org/10.3390/info10110352.
Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2021). Phishing happens beyond technology: The effects of human behaviors and demographics on each step of a phishing process. IEEE Access, 9, 44928–44949. http://dx.doi.org/10.1109/ACCESS.2021.3066383.
Aldawood, H., & Skinner, G. (2019). Reviewing cyber security social engineering training and awareness programs—Pitfalls and ongoing issues. Future Internet, 11(3), 73.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behavior: A practice perspective. Computers & Security, 98, Article 102003.
A. O. Labs (2023). Unpacking (and preventing) the circleci data breach. URL: https://appomni.com/ao-labs/unpacking-preventing-circleci-data-breach/. [Accessed 21 December 2024].
Aronson, E., Blaney, N., Stephan, C., Sikes, J., & Snapp, M. (1978). The jigsaw classroom. Sage, http://dx.doi.org/10.4324/9781003106760-7.
Asch, S. E. (1952). Group forces in the modification and distortion of judgments. Social Psychology, 450–501.
Asch, S. E. (1955). Opinions and social pressure. Scientific American, 193(5), 31–35, URL:.
Asch, S. E. (1956). Studies of independence and conformity: I. A minority of one against a unanimous majority. Psychological Monographs: General and Applied, 70(9), 1. http://dx.doi.org/10.1037/h0093718.
Asch, S. E. (2016). Effects of group pressure upon the modification and distortion of judgments. In Organizational influence processes (pp. 295–303). Routledge.
Bargh, J. A., & Morsella, E. (2008). The unconscious mind. Perspectives on Psychological Science, 3(1), 73–79. http://dx.doi.org/10.1111/j.1745-6916.2008.00064.x.
BBC News (2018). British airways breach: How did hackers get in? URL: https://www.bbc.com/news/technology-45446529. [Accessed 21 December 2024].
BBC News (2019). British airways faces record £183m fine for data breach. URL: https://www.bbc.com/news/business-48905907. [Accessed 21 December 2024].
BBC News (2020a). British airways fined £20m over data breach. URL: https://www.bbc.com/news/technology-54568784. [Accessed 21 December 2024].
BBC News (2020b). Major US Twitter accounts hacked in bitcoin scam. URL: https://www.bbc.com/news/technology-53425822. [Accessed 21 December 2024].
Bem, D. J. (1972). Self-perception theory. vol. 6, In Advances in experimental social psychology (pp. 1–62). Elsevier, http://dx.doi.org/10.1016/S0065-2601(08)60024-6.
Bond, R., & Smith, P. B. (1996). Culture and conformity: A meta-analysis of studies using Asch's (1952b, 1956) line judgment task. Psychological Bulletin, 119(1), 111–137. http://dx.doi.org/10.1037/0033-2909.119.1.111.
Bullée, J.-W. H., Montoya, L., Pieters, W., Junger, M., & Hartel, P. (2018). On the anatomy of social engineering attacks—A literature-based dissection of successful attacks. Journal of Investigative Psychology and Offender Profiling, 15(1), 20–45. http://dx.doi.org/10.1002/jip.1482.
Burger, J. M. (1986). Increasing compliance by improving the deal: The that's-not-all technique. Journal of Personality and Social Psychology, 51(2), 277–283. http://dx.doi.org/10.1037/0022-3514.51.2.277.
Chartrand, T. L., & Bargh, J. A. (1999). The chameleon effect: The perception–behavior link and social interaction. Journal of Personality and Social Psychology, 76(6), 893–910. http://dx.doi.org/10.1037/0022-3514.76.6.893.
Cialdini, R. B. (1984). Influence: The psychology of persuasion: vol. 55, Harper Collins New York.
Cialdini, R. B. (2007). Influence: The psychology of persuasion: vol. 55, Collins New York.
Cialdini, R. B., Cacioppo, J. T., Bassett, R., & Miller, J. A. (1978). Low-ball procedure for producing compliance: Commitment then cost. Journal of Personality and Social Psychology, 36(5), 463. http://dx.doi.org/10.1037/0022-3514.36.5.463.
Cialdini, R. B., Vincent, J. E., Lewis, S. K., Catalan, J., Wheeler, D., & Darby, B. L. (1975). Reciprocal concessions procedure for inducing compliance: The door-in-the-face technique. Journal of Personality and Social Psychology, 31(2), 206–215. http://dx.doi.org/10.1037/h0076284.
Cohen, J. (2016). A power primer. In Methodological issues and strategies in clinical research (4th ed.). (pp. 279–284). American Psychological Association, http://dx.doi.org/10.1037/14805-018.
Cooper, H. M. (1979). Statistically combining independent studies: A meta-analysis of sex differences in conformity research. Journal of Personality and Social Psychology, 37(1), 131–146. http://dx.doi.org/10.1037/0022-3514.37.1.131.
Daly, A. (2021). 7 of the biggest phishing scams of all time. URL: https://www.inky.com/en/blog/7-of-the-biggest-phishing-scams-of-all-time-2021.
Department of Justice (2019). Lithuanian man sentenced to 5 years in prison for theft of over $120 million in fraudulent business email compromise scheme. URL: https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business.
Dijksterhuis, A., Smith, P. K., van Baaren, R. B., & Wigboldus, D. H. (2005). The unconscious consumer: Effects of environment on consumer behavior. Journal of Consumer Psychology, 15(3), 193–202. http://dx.doi.org/10.1207/s15327663jcp1503_3.
DocuSign (2017). Update: 5/15/2017: Latest update on malicious email campaign. URL: https://www.docusign.com/trust/alerts/update-5-15-2017-latest-update-on-malicious-email-campaign. [Accessed 21 December 2024].
Eagly, A. H. (1978). Sex differences in influenceability. Psychological Bulletin, 85(1), 86–116. http://dx.doi.org/10.1037/0033-2909.85.1.86.
Eagly, A. H., Wood, W., & Fishbaugh, L. (1981). Sex differences in conformity: Surveillance by the group as a determinant of male nonconformity. Journal of Personality and Social Psychology, 40(2), 384–394. http://dx.doi.org/10.1037/0022-3514.40.2.384.
Enrici, I., Ancilli, M., & Lioy, A. (2010). A psychological approach to information technology security. In 3rd international conference on human system interaction (pp. 459–466). IEEE, http://dx.doi.org/10.1109/HSI.2010.5514528.
Ferguson, C. J. (2016). An effect size primer: A guide for clinicians and researchers. In Methodological issues and strategies in clinical research (4th ed.). (pp. 301–310). American Psychological Association, http://dx.doi.org/10.1037/14805-020.
Ferreira, A., & Teles, S. (2019). Persuasion: How phishing emails can influence users and bypass security measures. International Journal of Human-Computer Studies, 125, 19–31. http://dx.doi.org/10.1016/j.ijhcs.2018.12.004.
Flores, W. R., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers & Security, 59, 26–44.
Freedman, J. L., & Fraser, S. C. (1966). Compliance without pressure: The foot-in-the-door technique. Journal of Personality and Social Psychology, 4(2), 195–202. http://dx.doi.org/10.1037/h0023552.
Gragg, D. (2003). A multi-level defense against social engineering. SANS Reading Room, 13, 1–21.
Green, B. L., & Kenrick, D. T. (1994). The attractiveness of gender-typed traits at different relationship levels: Androgynous characteristics may be desirable after all. Personality and Social Psychology Bulletin, 20(3), 244–253. http://dx.doi.org/10.1177/0146167294203002.
Griskevicius, V., Goldstein, N. J., Mortensen, C. R., Cialdini, R. B., & Kenrick, D. T. (2006). Going along versus going alone: When fundamental motives facilitate strategic (non) conformity. Journal of Personality and Social Psychology, 91(2), 281. http://dx.doi.org/10.1037/0022-3514.91.2.281.
Hertzog, R. L., & Scudder, J. N. (1996). Influence of persuader gender versus gender of target on the selection of compliance-gaining strategies. Howard Journal of Communications, 7(1), 29–34. http://dx.doi.org/10.1080/10646179609361711.
Jackson, L. A. (1983). The perception of androgyny and physical attractiveness. Personality and Social Psychology Bulletin, 9(3), 405–413. http://dx.doi.org/10.1177/0146167283093011.
Jhangiani, R., & Tarry, H. (2022). Principles of social psychology-1st international H5P Edition. BCcampus.
Kahneman, D. (2011). Thinking, fast and slow. Macmillan.
Kelman, H. C. (1958). Compliance, identification, and internalization three processes of attitude change. Journal of Conflict Resolution, 2(1), 51–60. http://dx.doi.org/10.1177/002200275800200106.
Kiesel, A., Wagener, A., Kunde, W., Hoffmann, J., Fallgatter, A. J., & Stöcker, C. (2006). Unconscious manipulation of free choice in humans. Consciousness and Cognition, 15(2), 397–408, URL:.
Krebs, B. (2017). Breach at DocuSign led to targeted email malware campaign. URL: https://krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/comment-page-1/. [Accessed 21 December 2024].
Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 113–122. http://dx.doi.org/10.1016/j.jisa.2014.09.005.
Lakin, J. L., Jefferis, V. E., Cheng, C. M., & Chartrand, T. L. (2003). The chameleon effect as social glue: Evidence for the evolutionary significance of nonconscious mimicry. Journal of Nonverbal Behavior, 27, 145–162, URL:.
Langer, E. J., Blank, A., & Chanowitz, B. (1978). The mindlessness of ostensibly thoughtful action: The role of "placebic" information in interpersonal interaction. Journal of Personality and Social Psychology, 36(6), 635. http://dx.doi.org/10.1037/0022-3514.36.6.635.
Lichumon (2023). 5 worst whaling attacks: Whale phishing. PhishGrid. URL: https://phishgrid.com/blog/worst-whaling-attack/#1-snapchat-payroll-information-leak.
Major, B., & Deaux, K. (1977). Effects of physical attractiveness, sex and sex-role on trait attributions. Midwestern Psychological Association Convention.
Mann, L. (1969). Social psychology: vol. 55, Wiley.
McLeod, S. (2023a). The milgram shock experiment. www.simplypsychology.org/milgram.html.
McLeod, S. (2023b). What is conformity? www.simplypsychology.org/conformity.html.
Milgram, S. (1974). Obedience to authority: an experimental view. New York: Harper & Row.
Milgram, S., Bickman, L., & Berkowitz, L. (1969). Note on the drawing power of crowds of different size. Journal of Personality and Social Psychology, 13, 79–82.
Mitnick, K. D., & Simon, W. L. (2003). The art of deception: Controlling the human element of security. John Wiley & Sons.
Mitnick Security (2020). The 2020 Twitter bitcoin scam: How it happened and key lessons from whitehat hacker kevin mitnick. URL: https://www.mitnicksecurity.com/blog/2020-twitter-bitcoin-scam. [Accessed 21 December 2024].
Montañez, R., Golob, E., & Xu, S. (2020). Human cognition through the lens of social engineering cyberattacks. Frontiers in Psychology, 11, 1755. http://dx.doi.org/10.3389/fpsyg.2020.01755.
Morrison, C., & Naumov, P. (2019). Group conformity in social networks. Journal of Logic, Language and Information, 29(1), 3–19. http://dx.doi.org/10.1007/s10849-019-09303-5.
Muscanell, N. L., Guadagno, R. E., & Murphy, S. (2014). Weapons of influence misused: A social influence analysis of why people fall prey to internet scams. Social and Personality Psychology Compass, 8(7), 388–396. http://dx.doi.org/10.1111/spc3.12115.
New York Department of Financial Services (2020). Twitter investigation report. URL: https://www.dfs.ny.gov/Twitter_Report. [Accessed 21 December 2024].
Newell, B. R., & Shanks, D. R. (2014). Unconscious influences on decision making: A critical review. Behavioral and Brain Sciences, 37(1), 1–19. http://dx.doi.org/10.1017/s0140525x12003214.
Nickerson, C. (2021). Differences between extrinsic and intrinsic motivation. www.simplypsychology.org/differences-between-extrinsic-and-intrinsic-motivation.html.
Nowak, K. L., & Rauh, C. (2017). The influence of the avatar on online perceptions of anthropomorphism, androgyny, credibility, homophily, and attraction. Journal of Computer-Mediated Communication, 11(1), 153–178. http://dx.doi.org/10.1111/j.1083-6101.2006.tb00308.x.
Nwankpa, J. K., & Datta, P. M. (2023). Remote vigilance: The roles of cyber awareness and cybersecurity policies among remote workers. Computers & Security, 130, Article 103266.
Oinas-Kukkonen, H., & Harjumaa, M. (2009). Persuasive systems design: Key issues, process model, and system features. Communications of the Association for Information Systems, 24(1), 28. http://dx.doi.org/10.17705/1CAIS.02428.
Perception Point (2023). Takeaways from the circleci incident. URL: https://perception-point.io/blog/takeaways-from-the-circleci-incident/. [Accessed 21 December 2024].
Purohit, A. (2022). 5 of the most expensive phishing scams in history. URL: https://www.delta-net.com/blog/5-of-the-most-expensive-phishing-scams-in-history/.
Sawyer, B. D., & Hancock, P. A. (2018). Hacking the human: The prevalence paradox in cybersecurity. Human Factors, 60(5), 597–609. http://dx.doi.org/10.1177/0018720818780472.
Schneier, B. (2015). Secrets & Lies: digital security in a networked world. Wiley, http://dx.doi.org/10.1002/9781119183631.
Sherif, M. (1988). The robbers cave experiment: Intergroup conflict and cooperation.[Orig. pub. as Intergroup conflict and group relations]. Wesleyan University Press.
Sigalos, M. (2022). Crypto hackers steal over $615 million from network that runs popular game axie infinity. URL: https://www.cnbc.com/2022/03/29/hackers-steal-over-615-million-from-network-running-axie-infinity.html. [Accessed 21 December 2024].
Source Defense (2022). British airways: A case study in GDPR compliance failure. URL: https://sourcedefense.com/resources/blog/british-airways-a-case-study-in-gdpr-compliance-failure/. [Accessed 21 December 2024].
Stallen, M., Smidts, A., & Sanfey, A. (2013). Peer influence: Neural mechanisms underlying in-group conformity. Frontiers in Human Neuroscience, 7, http://dx.doi.org/10.3389/fnhum.2013.00050, URL: https://www.frontiersin.org/articles/10.3389/fnhum.2013.00050.
Steele, R. S., & Morawski, J. G. (2002). Implicit cognition and the social unconscious. Theory & Psychology, 12(1), 37–54. http://dx.doi.org/10.1177/0959354302121003.
Stojnic, T., Vatsalan, D., & Arachchilage, N. A. G. (2021). Phishing email strategies: Understanding cybercriminals' strategies of crafting phishing emails. Security and Privacy, 4(5), http://dx.doi.org/10.1002/spy2.165.
Stylianou, I. (2021). Analysis and usage of penetration testing tools.
Tessian (2023). 15 examples of real social engineering attacks. URL: https://www.tessian.com/blog/examples-of-social-engineering-attacks/.
Tidy, J. (2022). Ronin network: What a $600m hack says about the state of crypto. URL: https://www.bbc.com/news/technology-60933174. [Accessed 21 December 2024].
Toulas, B. (2022a). Hackers stole $620 million from axie infinity via fake job interviews. URL: https://www.bleepingcomputer.com/news/security/hackers-stole-620-million-from-axie-infinity-via-fake-job-interviews/. [Accessed 21 December 2024].
Toulas, B. (2022b). Office 365 phishing attack impersonates the US department of labor. URL: https://www.bleepingcomputer.com/news/security/office-365-phishing-attack-impersonates-the-us-department-of-labor/.
TrendMicro (2016). Austrian aeronautics company loses over €42 million to BEC scam.
URL: h ps://www. endmic o.com/ in o/us/secu i y/news/cybe c ime-and-digi al-
h ea s/aus ian-ae onau ics-company-loses-42m- o-bec-scam.
U. S. Depa men o Labo Guidance on he P o ec ion o Pe sonally Iden i iable
In o ma ion (PII). URL: h ps://www.dol.go /gene al/ppii.
Vo i o (2022). E e y hing we know abou he axie in ini y b each. URL: h ps://
o i o.com/blog/e e y hing-we-know-abou - he-axie-in ini y-b each/. [Accessed 21
Decembe 2024].
Computers in Human Behavior Reports 19 (2025) 100694