A Study of Social Engineering in Online Frauds

2013 
Social engineering is a form of psychological exploitation that scammers use to skillfully manipulate human weaknesses and carry out emotional attacks on innocent people. This study examined the contents of 100 phishing e-mails and 100 advance-fee-scam e-mails, and evaluated the persuasion techniques exploited by social engineers for their illegal gains. The analyses showed that alerts and account verification were the two primary triggers used to raise the attention of phishing e-mail recipients. These phishing e-mails typically followed up with a threatening tone conveyed through urgency. In advance-fee e-mails, timing is a lesser concern; potential monetary gain is the main trigger. Business proposals and large unclaimed funds were the two most common incentives used to lure victims. The study revealed that social engineers combine positively and negatively framed statements with authoritative and urgent persuasion to influence innocent people's decisions to respond. Since it is highly unlikely that online fraud will ever be completely eliminated, the most important strategy for combating social engineering attacks is to educate the public on potential threats from perpetrators.