The social engineering personality framework

We explore Information and Communication Technology (ICT) security in a socio-technical world and focus in particular on the susceptibility to social engineering attacks. We pursue the question if and how personality traits influence this susceptibility. We use Cialdini’s principles of influence to categorise social engineering attacks. First we show with a comprehensive literature review how existent research approaches social engineering susceptibility. Based on this review we construct suggestions for plausible relations between personality traits of the Five-Factor Model (Big 5) and the principles of influence. We propose our – at this stage theory-based – “Social Engineering Personality Framework” (SEPF) which we will evaluate in future empiric research. The characteristics of victims’ personality traits in the SEPF will support and guide security researchers and practitioners in developing detection, mitigation, and prevention strategies while dealing with human factors in social engineering attacks.