Social engineering is the usage of social manipulation and psychological tricks to make the targets assist offenders in their attack. This paper aimed to discuss the success of social engineering attacks and interventions in an organisational setting. Three kinds of social engineering experiments were discussed, each using a different modality (i.e. face-to-face (f2f), email and telephone). In each experiment, the targets (i.e. participants) were persuaded to perform actions that contribute to their victimisation. A portion of the participants in both the f2f and telephone experiment received an intervention to reduce victimisation. The conclusion is that awareness raising about dangers, characteristics and countermeasures related to social engineering proved to have a significant positive effect on protecting the target. The results of these experiments allow practitioners to focus awareness campaigns to maximise their effectiveness.
Bullee, J.H., Montoya, L., Junger, M., & Hartel, P. (2018). Het succes van social engineering. Tijdschrift voor Veiligheid, 40-52. doi: 10.5553/TvV/187279482018017102004
