Social engineering and organisational dependencies in phishing attacks

Ronnie Taib, Kun Yu, Shlomo Berkovsky, Piers Bayl-Smith, Mark Wiggins

Research output: Chapter in Book/Report/Conference proceeding, Conference proceeding contribution, peer-review

15 Citations (Scopus)


Phishing emails are a widespread cybersecurity attack method. Their breadth and depth have been on the rise as they target individuals and organisations with increased sophistication. In particular, social engineering in phishing focuses on human vulnerabilities by exploiting established psychological and behavioural cues to increase the credibility of phishing emails. This work presents the results of a 56,000-participant phishing attack simulation carried out within a multi-national financial organisation. The overarching hypothesis was that strong cultural and contextual factors impact employee vulnerability. Thus, five phishing emails were crafted, based on three of Cialdini’s persuasion principles used in isolation and in combination. Our results showed that Social proof was the most effective attack vector, followed by Authority and Scarcity. Furthermore, we examined these results in the light of a set of demographic and organisational features. Finally, both click-through rates and reporting rates were examined, to provide rich insights to developers of cybersecurity educational solutions.
Original language: English
Title of host publication: Human-Computer Interaction – INTERACT 2019
Subtitle of host publication: 17th IFIP TC 13 International Conference, Proceedings, Part I
Editors: David Lamas, Fernando Loizides, Lennart Nacke, Helen Petrie, Marco Winckler, Panayiotis Zaphiris
Place of Publication: Switzerland
Publisher: Springer, Springer Nature
Number of pages: 21
ISBN (Electronic): 9783030293819
ISBN (Print): 9783030293802
Publication status: Published - 2019
Event: 17th IFIP TC.13 International Conference on Human-Computer Interaction – INTERACT 2019 - Paphos, Cyprus
Duration: 2 Sept 2019 to 6 Sept 2019

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 17th IFIP TC.13 International Conference on Human-Computer Interaction – INTERACT 2019
Abbreviated title: INTERACT 2019


  • cybersecurity
  • phishing
  • social engineering
  • simulation
  • behavioral study

