Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

27214 Priming and warnings are not effective to prevent social engineering attacks
Home Policy Brochure Browse Search User Area Contact Help

Junger, M. and Montoya Morales, A.L. and Overink, F.J. (2017) Priming and warnings are not effective to prevent social engineering attacks. Computers in Human Behavior, 66. pp. 75-87. ISSN 0747-5632 *** ISI Impact 2,880 ***

Full text available as:

- Univ. of Twente only
731 Kb

Official URL:


Humans tend to trust each other and to easily disclose personal information. This makes them vulnerable to social engineering attacks. The present study investigated the effectiveness of two interventions that aim to protect users against social engineering attacks, namely priming through cues to raise awareness about the dangers of social engineering cyber-attacks and warnings against the disclosure of personal information. A sample of visitors of the shopping district of a medium-sized town in the Netherlands was studied. Disclosure was measured by asking subjects for their email address, 9 digits from their 18 digit bank account number, and for those who previously shopped online, what they had purchased and in which web shop. Relatively high disclosure rates were found: 79.1% of the subjects filled in their email address, and 43.5% provided bank account information. Among the online shoppers, 89.8% of the subjects filled in the type of product(s) they purchased and 91.4% filled in the name of the online shop where they did these purchases. Multivariate analysis showed that neither priming questions, nor a warning influenced the degree of disclosure. Indications of an adverse effect of the warning were found. The implications of these findings are discussed.

Item Type:Article
Research Group:EWI-SCS: Services, Cyber security and Safety, BMS-IEBIS: Industrial Engineering & Business Information Systems
Research Program:CTIT-General, UT-CST: Crime Science Twente
Research Project:TREsPASS: Technology-supported Risk Estimation By Predictive Assessment Of Socio-technical Security
Additional Information:Foreground = 50%; Type of activity = Publication; Main leader = UT; Type of audience = Scientific community, industry & policy makers; Size of audience = n.a.; Countries addressed = International ;
ID Code:27214
Deposited On:26 September 2016
ISI Impact Factor:2,880
More Information:statistics

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item