
EEMCS EPrints Service

The persuasion and security awareness experiment: reducing the success of social engineering attacks

Bullee, J.H. and Montoya Morales, A.L. and Pieters, W. and Junger, M. and Hartel, P.H. (2015) The persuasion and security awareness experiment: reducing the success of social engineering attacks. Journal of Experimental Criminology, 11 (1). pp. 97-115. ISSN 1573-3750 *** ISI Impact 2,229 ***


The aim of the current study is to explore to what extent an intervention reduces the effects of social engineering (e.g. the obtaining of access by persuasion) in an office environment. In particular, we study the effect of authority during a 'social engineering' attack.

31 different 'offenders' visited the offices of 118 employees and, on the basis of a script, asked them to hand over their office keys. Authority, one of the six principles of persuasion, was used by half of the offenders to persuade a target to comply with his/her request. Prior to the visit, an intervention was randomly administered to half of the targets to increase their resilience against attempts by others to obtain their credentials.

37.0% of the employees who were exposed to the intervention surrendered their keys whilst 62.5% of those who were not exposed to it handed them over. The intervention has a significant effect on compliance but the same was not the case for authority.

Awareness-raising about the dangers, characteristics and countermeasures associated with social engineering proved to have a significant positive effect on neutralizing the attacker.

Item Type: Article
Research Group: EWI-SCS: Services, Cyber security and Safety, MB-IEBIS: Industrial Engineering and Business Information Systems
Research Program: CTIT-General, UT-CST: Crime Science Twente
Research Project: TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information: Foreground=100%; Type of activity = publication; Main leader=UT; Type of audience = scientific community; Size of audience = n.a.; Countries addressed = international;
Uncontrolled Keywords: Authority, Awareness, Credentials, Experiment, Intervention, Persuasion, Social Engineering
ID Code: 25579
Deposited On: 30 January 2015
ISI Impact Factor: 2,229