Psychological Mechanisms of Social Engineering in Cyber Attacks

Abstract

In contemporary cybersecurity social engineering attacks represent one of the most persistent and effective dangers, since they purposefully prey on human behaviour to avoid technical protective mechanisms. Especially phishing and spear-phishing are based on psychological influence strategies, since they manipulate cognitive and emotional decision processes. The goal of this thesis was the systematic analysis of psychological mechanisms, which enable social engineering attacks as well as the research of the causes for individual susceptibility towards digital manipulation. There was a particular emphasis on the interplay between cognitive biases, heuristic-decision making processes, social influences, and dynamics. For the methodological implementation a theoretical research approach was chosen, which was based on a structured and interdisciplinary literature analysis. Relevant academic sources from the fields of cybersecurity and social psychology with implied criminological references were identified, analysed and interconnected to systematically integrate existing findings. The results show that the effectiveness of social engineering attacks depends on the targeted exploitation of human cognitive and emotional processes. Exploited factors are urgency, authority, social proof, and automated decision-making processes with the goal being to increase the individual’s vulnerability. In addition, modern technologies are enhanced through the use of large language models by scalability and individualization of attacks, which are significantly and continuously improved. This highlights the need for the development of sustainable prevention strategies and effective security measures, where the human factor must be taken into account. In conclusion, technological security measures are not sufficient enough to prevent social engineering attacks. An interdisciplinary approach is needed, where psychological, technological and organizational perspectives are connected.