Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment

People tend to disclose personal identifiable information (PII) that could be used by cybercriminals against them. Often, persuasion techniques are used by cybercriminals to trick people to disclose PII. This research investigates whether people can be made less susceptible to persuasion by reciproc...

Full description

Saved in:  
Bibliographic Details
Main Author: van der Kleij, Rick (Author)
Contributors: van ‘t Hoff—De Goede, Susanne ; van de Weijer, Steve ; Leukfeldt, E. R.
Format: Electronic Article
Language:English
Published: 2023
In: Journal of criminology
Year: 2023, Volume: 56, Issue: 2/3, Pages: 278-293
Online Access: Volltext (lizenzpflichtig)
Journals Online & Print:
Drawer...
Check availability: HBZ Gateway
Keywords:
Cybercrime
Cybersecurity
Positive Affect
Self-disclosure
data breach
information security knowledge
persuasion techniques
Description
Summary:People tend to disclose personal identifiable information (PII) that could be used by cybercriminals against them. Often, persuasion techniques are used by cybercriminals to trick people to disclose PII. This research investigates whether people can be made less susceptible to persuasion by reciprocation (i.e., making people feel obligated to return a favour) and authority, particularly in regard to whether information security knowledge and positive affect moderate the relation between susceptibility to persuasion and disclosing PII. Data are used from a population-based survey experiment that measured the actual disclosure of PII in an experimental setting (N?=?2426). The results demonstrate a persuasion?disclosure link, indicating that people disclose more PII when persuaded by reciprocation, but not by authority. Knowledge of information security was also found to relate to disclosure. People disclosed less PII when they possessed more knowledge of information security. Positive affect was not related to the disclosure of PII. And contrary to expectations, no moderating effects were found of information security knowledge nor positive affect on the persuasion?disclosure link. Possible explanations are discussed, as well as limitations and future research directions.
ISSN:2633-8084
DOI:10.1177/26338076231162660