Every day, thousands of people are persuaded to reveal sensitive personal information such as social security IDs, bank account details, home and email addresses, and more. These deceitful yet convincing attempts, known as social engineering techniques, present trustworthy-looking content and arrive through a variety of communication channels. Online identity theft, commonly known as (online) phishing, is one example of social engineering. A relevant research question here could be formed as follows:
Advancing social awareness can result in better and more timely protection of citizens’ vulnerability and privacy. It can encourage citizens’ active participation in society and could eventually have a long-term social impact, leading to social transformation (Berki et al., 2014). Additionally, it can prove to be the most cost-effective option in information systems maintenance.
In phishing attacks, technical subterfuge techniques (e.g., pharming) are employed to modify the hosts files on victims’ computers, carry out DNS cache poisoning, exploit domain name typos (typosquatting), exploit cross-site scripting vulnerabilities, and mount man-in-the-middle attacks, all in order to redirect a website’s traffic to another, fake site. Further, techniques such as cross-site request forgery, specialised malware, rogue Wi-Fi access points (i.e. evil twins), rogue Quick Response (QR) codes, and general hacking techniques are also used to conduct phishing attacks.
Nowadays, however, social engineering is the more prevalent ingredient of phishing attacks. Social engineering is the psychological manipulation of people in order to make them divulge their confidential information or perform unwitting actions that can be harmful to security and privacy… (see Li, 2013; Berki, 2014). The four phases of the social engineering cycle are: information gathering, developing a relationship, exploitation, and execution (see Allan et al., 2005). Phishers, spammers, and others (e.g. pharmers) employ more specialised, targeted attacks such as spear phishing, clone phishing, and whaling, and invest considerable time preparing for them. They employ social engineering techniques such as masquerading, dumpster diving, leftover, hoax virus alerts, and others such as chain letters, spam, direct psychological manipulation (Harley, 200), chat-in-the-middle attacks, vishing, and smishing (RSA, 2009), to name just a few of the attempts that aim at eliciting sensitive information. In fact, social engineering and social engineers no longer carry the positive image once connected to socio-scientific knowledge; instead they have become associated with dark creativity and with deceitful information acquisition and processing. Notwithstanding this, deceiving citizens into revealing their own and their friends’ and relatives’ personal credentials is considered both unethical and illegal.