{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T12:28:10Z","timestamp":1775737690056,"version":"3.50.1"},"reference-count":28,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,8,3]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>This study aims to examine how social engineers use persuasion principles during vishing attacks.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>In total, 86 examples of real-world vishing attacks were found in articles and videos. Each example was coded to determine which persuasion principles were present in that attack and how they were implemented, i.e. what specific elements of the attack contributed to the presence of each persuasion principle.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Authority (A), social proof (S) and distraction (D) were the most widely used persuasion principles in vishing attacks, followed by liking, similarity and deception (L). These four persuasion principles occurred in a majority of vishing attacks, while commitment, reciprocation and consistency (C) did not. Further, certain sets of persuasion principles (i.e. authority, distraction, liking, similarity, and deception and social proof; , authority, commitment, reciprocation, and consistency, distraction, liking, similarity and deception, and social proof; and authority, distraction and social proof) were used more than others. It was noteworthy that despite their similarities, those sets of persuasion principles were implemented in different ways, and certain specific ways of implementing certain persuasion principles (e.g. vishers claiming to have authority over the victim) were quite rare.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>To the best of authors\u2019 knowledge, this study is the first to investigate how social engineers use persuasion principles during vishing attacks. As such, it provides important insight into how social engineers implement vishing attacks and lays a critical foundation for future research investigating the psychological aspects of vishing attacks. The present results have important implications for vishing countermeasures and education.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2020-0113","type":"journal-article","created":{"date-parts":[[2020,12,8]],"date-time":"2020-12-08T07:51:51Z","timestamp":1607413911000},"page":"314-331","source":"Crossref","is-referenced-by-count":47,"title":["How social engineers use persuasion principles during vishing attacks"],"prefix":"10.1108","volume":"29","author":[{"given":"Keith S.","family":"Jones","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Miriam E.","family":"Armstrong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"McKenna K.","family":"Tornblad","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Akbar","family":"Siami Namin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2020,12,7]]},"reference":[{"key":"key2021080202132078600_ref001","unstructured":"Beals, M., DeLiema, M. and Deevy, M. (2015), \u201cFramework for a taxonomy of fraud\u201d, available at: http:\/\/longevity.stanford.edu\/framework-for-a-taxonomy-of-fraud\/"},{"key":"key2021080202132078600_ref002","volume-title":"Influence: The Psychology of Persuasion","year":"2007"},{"issue":"4","key":"key2021080202132078600_ref003","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1037\/1040-3590.6.4.284","article-title":"Guidelines, criteria, and rules of thumb for evaluating normed and standardized assessment instruments in psychology","volume":"6","year":"1994","journal-title":"Psychological Assessment"},{"key":"key2021080202132078600_ref004","article-title":"2019 Cyberthreat defense report","author":"CyberEdge Group","year":"2019"},{"key":"key2021080202132078600_ref09a","volume-title":"Applying Communication Theory for Professional Life: A Practical Introduction","year":"2005"},{"key":"key2021080202132078600_ref005","unstructured":"Federal Bureau of Investigation (FBI) (2017), \u201cBusiness e-mail compromise\/e-mail account compromise: the 5 billion dollar scam. Alert no. I-050417-PSA\u201d, available at: www.ic3.gov\/media\/2017\/170504.aspx"},{"key":"key2021080202132078600_ref006","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-1-4939-6457-4_4","article-title":"Persuasion in scams","volume-title":"Understanding Social Engineering Based Scams","year":"2016"},{"key":"key2021080202132078600_ref007","doi-asserted-by":"publisher","first-page":"597","DOI":"10.1007\/978-3-319-70278-0_38","article-title":"What to phish in a subject?","volume-title":"in International Conference on Financial Cryptography and Data Security, FC 2017 Workshops","year":"2017"},{"key":"key2021080202132078600_ref008","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1016\/j.ijhcs.2018.12.004","article-title":"Persuasion: how phishing emails can influence users and bypass security measures","volume":"125","year":"2019","journal-title":"International Journal of Human-Computer Studies"},{"key":"key2021080202132078600_ref009","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1109\/STAST.2015.10","article-title":"An analysis of social engineering principles in effective phishing","volume-title":"2015 Workshop on Socio-Technical Aspects in Security and Trust","year":"2015"},{"key":"key2021080202132078600_ref010","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-319-20376-8_4","article-title":"Principles of persuasion in social engineering and their use in phishing","volume-title":"Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2015","year":"2015"},{"key":"key2021080202132078600_ref011","unstructured":"Gragg, D. (2003), \u201cA multi-level defense against social engineering\u201d, available at: www.sans.org\/reading-room\/whitepapers\/engineering\/multi-level-defense-social-engineering-920"},{"issue":"1","key":"key2021080202132078600_ref012","first-page":"31","article-title":"A survey on social engineering and the art of deception","volume":"1","year":"2012","journal-title":"International Journal of Innovations in Engineering and Technology"},{"key":"key2021080202132078600_ref013","article-title":"Abusing phone numbers and cross-application features for crafting targeted attacks","year":"2015"},{"key":"key2021080202132078600_ref014","volume-title":"Social Engineering: The Art of Human Hacking","year":"2011"},{"issue":"4","key":"key2021080202132078600_ref015","doi-asserted-by":"publisher","first-page":"749","DOI":"10.1177\/001316446402400402","article-title":"A note on the G index of agreement","volume":"24","year":"1964","journal-title":"Educational and Psychological Measurement"},{"key":"key2021080202132078600_ref016","unstructured":"Kok, K.F. (2019), \u201cTruecaller insights: top 20 countries affected by spam calls and SMS in 2019\u201d, available at: https:\/\/truecaller.blog\/2019\/12\/03\/truecaller-insights-top-20-countries-affected-by-spam-calls-sms-in-2019\/"},{"key":"key2021080202132078600_ref017","unstructured":"Kok, K.F. (2020), \u201cTruecaller insights 2020 US spam and scam report\u201d, available at: https:\/\/truecaller.blog\/2020\/04\/16\/truecaller-insights-2020-us-spam-scam-report\/"},{"key":"key2021080202132078600_ref018","doi-asserted-by":"publisher","first-page":"1331","DOI":"10.1177\/1541931213601815","article-title":"Interaction of personality and persuasion tactics in email phishing attacks","volume-title":"Proceedings of the Human Factors and Ergonomics Society 2017 Annual Meeting","year":"2017"},{"key":"key2021080202132078600_ref019","doi-asserted-by":"publisher","first-page":"824","DOI":"10.1109\/CIT.2010.156","article-title":"Are the con artists back? A preliminary analysis of modern phone frauds","volume-title":"Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology (CIT 2010)","year":"2010"},{"key":"key2021080202132078600_ref020","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ISSA.2014.6950510","article-title":"Social engineering attack framework","volume-title":"2014 Information Security for South Africa, IEEE 2014","year":"2014"},{"key":"key2021080202132078600_ref021","volume-title":"An Introduction to Statistical Methods and Data Analysis","year":"2016","edition":"7th ed"},{"key":"key2021080202132078600_ref022","unstructured":"Pindrop (2017), \u201c2017 call center fraud report\u201d, available at: www.pindrop.com\/resources\/download\/report\/2017-call-center-fraud-report\/"},{"key":"key2021080202132078600_ref023","unstructured":"Proofpoint (2020), \u201c2020 State of the phish: an in-depth look at user awareness, vulnerability and resilience\u201d, available at: www.proofpoint.com\/us\/resources\/threat-reports\/state-of-phish"},{"issue":"3","key":"key2021080202132078600_ref024","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1145\/1897852.1897872","article-title":"Understanding scam victims: seven principles for systems security","volume":"54","year":"2011","journal-title":"Communications of the Acm"},{"key":"key2021080202132078600_ref025","unstructured":"The Social Engineering Framework (SEF) (2019), available at: www.social-engineer.org\/framework\/general-discussion\/"},{"issue":"6","key":"key2021080202132078600_ref026","doi-asserted-by":"publisher","first-page":"1219","DOI":"10.1037\/a0037489","article-title":"Interrater agreement statistics with skewed data: evaluation of alternatives to Cohen\u2019s kappa","volume":"82","year":"2014","journal-title":"Journal of Consulting and Clinical Psychology"},{"key":"key2021080202132078600_ref027","doi-asserted-by":"publisher","first-page":"765","DOI":"10.1177\/1541931213601175","article-title":"A temporal analysis of persuasion principles in phishing emails","volume-title":"Proceedings of the Human Factors and Ergonomics Society 2016 Annual Meeting","year":"2016"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2020-0113\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2020-0113\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:03Z","timestamp":1753406583000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/2\/314-331\/117747"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":28,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,12,7]]},"published-print":{"date-parts":[[2021,8,3]]}},"alternative-id":["10.1108\/ICS-07-2020-0113"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2020-0113","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2020,12,7]]}}}