Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment-Reference-Cited by-同舟云学术

Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment

Published:2023-03-14 Issue:2-3 Volume:56 Page:278-293
ISSN:2633-8076
Container-title:Journal of Criminology
language:en
Short-container-title:Journal of Criminology

Author:

van der Kleij Rick¹^ORCID,van ‘t Hoff—De Goede Susanne²,van de Weijer Steve³^ORCID,Leukfeldt Rutger⁴

Affiliation:

1. Centre of Expertise Cyber Security, The Hague University of Applied Sciences (THUAS), The Hague, the Netherlands; Department of Networked Organisations, Netherlands Organisation for Applied Scientific Research (TNO), The Hague, the Netherlands

2. Centre of Expertise Cyber Security, The Hague University of Applied Sciences (THUAS), The Hague, the Netherlands

3. Netherlands Institute for the Study of Crime and Law Enforcement (NSCR), Amsterdam, the Netherlands

4. Centre of Expertise Cyber Security, The Hague University of Applied Sciences (THUAS), The Hague, the Netherlands; Netherlands Institute for the Study of Crime and Law Enforcement (NSCR), Amsterdam, the Netherlands

Abstract

People tend to disclose personal identifiable information (PII) that could be used by cybercriminals against them. Often, persuasion techniques are used by cybercriminals to trick people to disclose PII. This research investigates whether people can be made less susceptible to persuasion by reciprocation (i.e., making people feel obligated to return a favour) and authority, particularly in regard to whether information security knowledge and positive affect moderate the relation between susceptibility to persuasion and disclosing PII. Data are used from a population-based survey experiment that measured the actual disclosure of PII in an experimental setting ( N = 2426). The results demonstrate a persuasion–disclosure link, indicating that people disclose more PII when persuaded by reciprocation, but not by authority. Knowledge of information security was also found to relate to disclosure. People disclosed less PII when they possessed more knowledge of information security. Positive affect was not related to the disclosure of PII. And contrary to expectations, no moderating effects were found of information security knowledge nor positive affect on the persuasion–disclosure link. Possible explanations are discussed, as well as limitations and future research directions.

Publisher

SAGE Publications

Subject

Law

Link

http://journals.sagepub.com/doi/pdf/10.1177/26338076231162660

Reference36 articles.

1. Privacy and human behavior in the age of information

2. The Impact of Relative Standards on the Propensity to Disclose

3. Security awareness of computer users: A phishing threat avoidance perspective

4. How effective are social engineering interventions? A meta-analysis

5. Clarke R. A., Knake R. K. (2010). Securing the GCC in Cyberspace. ECSSR (Abu Dhabi). Emirates Lecture Series, (83), 0_1.