Cognition in Social Engineering Empirical Research: A Systematic Literature Review

Pavlo Burda (Corresponding author), Luca Allodi (Corresponding author), Nicola Zannone (Corresponding author)

Research output: Contribution to journalArticleAcademicpeer-review

3 Citations (Scopus)
31 Downloads (Pure)

Abstract

The interdisciplinarity of the Social Engineering (SE) domain creates crucial challenges for the development and advancement of empirical SE research, making it particularly difficult to identify the space of open research questions that can be addressed empirically. This space encompasses questions on attack conditions, employed experimental methods, and interactions with underlying cognitive aspects. As a consequence, much potential in the breadth of existing empirical SE research and in its mapping to the actual cognitive processes it aims to measure is left untapped. In this work, we carry out a systematic review of 169 articles investigating overall 735 hypotheses in the field of empirical SE research, focusing on experimental characteristics and core cognitive features from both attacker and target perspectives. Our study reveals that experiments only partially reproduce real attacks and that the exploitable SE attack surface appears much larger than the coverage provided by the current body of research. Factors such as targets' context and cognitive processes are often ignored or not explicitly considered in experimental designs. Similarly, the effects of different pretexts and varied targetization levels are overall marginally investigated. Our findings on current SE research dynamics provide insights into methodological shortcomings and help identify supplementary techniques that can open promising future research directions.

Original languageEnglish
Article number19
Number of pages55
JournalACM Transactions on Computer-Human Interaction
Volume31
Issue number2
DOIs
Publication statusPublished - Apr 2024

Bibliographical note

Publisher Copyright:
© 2024 Copyright held by the owner/author(s).

Funding

This work is supported by the INTERSCT project, Grant No. NWA.1162.18.301, and by the SeReNity project, Grant No. cs.010, both funded by Netherlands Organisation for Scientific Research (NWO).

FundersFunder number
Nederlandse Organisatie voor Wetenschappelijk Onderzoek

    Keywords

    • Additional Key Words and PhrasesSocial engineering
    • cognitive processes
    • empirical studies

    Fingerprint

    Dive into the research topics of 'Cognition in Social Engineering Empirical Research: A Systematic Literature Review'. Together they form a unique fingerprint.

    Cite this