Catch Me if You Can : "Delaying" as a Social Engineering Technique in the Post-Attack Phase. Alizadeh, F., Stevens, G., Jakobi, T., & Krüger, J. Proceedings of the ACM on Human-Computer Interaction, 7(CSCW1):32:1–32:25, April, 2023. ![Catch Me if You Can : "Delaying" as a Social Engineering Technique in the Post-Attack Phase [link]](https://bibbase.org/img/filetypes/link.svg "link")
Paper doi abstract bibtex Much is known about social engineering strategies (SE) during the attack phase, but little is known about the post-attack period. To address this gap, we conducted 17 narrative interviews with victims of cyber fraud. We found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so. In this paper, we describe this "delay" in victims' responses as entailing a period of doubt and trust in good faith. The delay in victim response is a direct consequence of various SE techniques, such as exploiting prosocial behavior with subsequent negative effects on emotional state and interpersonal relationships. Our findings contribute to shaping digital resistance by helping people identify and overcome delay techniques to combat their inaction and paralysis.
@article{alizadeh_catch_2023,
title = {Catch {Me} if {You} {Can} : "{Delaying}" as a {Social} {Engineering} {Technique} in the {Post}-{Attack} {Phase}},
volume = {7},
shorttitle = {Catch {Me} if {You} {Can}},
url = {https://dl.acm.org/doi/10.1145/3579465},
doi = {10.1145/3579465},
abstract = {Much is known about social engineering strategies (SE) during the attack phase, but little is known about the post-attack period. To address this gap, we conducted 17 narrative interviews with victims of cyber fraud. We found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so. In this paper, we describe this "delay" in victims' responses as entailing a period of doubt and trust in good faith. The delay in victim response is a direct consequence of various SE techniques, such as exploiting prosocial behavior with subsequent negative effects on emotional state and interpersonal relationships. Our findings contribute to shaping digital resistance by helping people identify and overcome delay techniques to combat their inaction and paralysis.},
number = {CSCW1},
urldate = {2023-04-20},
journal = {Proceedings of the ACM on Human-Computer Interaction},
author = {Alizadeh, Fatemeh and Stevens, Gunnar and Jakobi, Timo and Krüger, Jana},
month = apr,
year = {2023},
keywords = {comping strategies, cybercrime, digital resilience, post-attack, social computing, social engineering, usable security, user behavior, victim's vulnerabilities},
pages = {32:1--32:25},
}
Downloads: 0
{"_id":"k7SW5fdnHJnebhFnA","bibbaseid":"alizadeh-stevens-jakobi-krger-catchmeifyoucandelayingasasocialengineeringtechniqueinthepostattackphase-2023","author_short":["Alizadeh, F.","Stevens, G.","Jakobi, T.","Krüger, J."],"bibdata":{"bibtype":"article","type":"article","title":"Catch Me if You Can : \"Delaying\" as a Social Engineering Technique in the Post-Attack Phase","volume":"7","shorttitle":"Catch Me if You Can","url":"https://dl.acm.org/doi/10.1145/3579465","doi":"10.1145/3579465","abstract":"Much is known about social engineering strategies (SE) during the attack phase, but little is known about the post-attack period. To address this gap, we conducted 17 narrative interviews with victims of cyber fraud. We found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so. In this paper, we describe this \"delay\" in victims' responses as entailing a period of doubt and trust in good faith. The delay in victim response is a direct consequence of various SE techniques, such as exploiting prosocial behavior with subsequent negative effects on emotional state and interpersonal relationships. Our findings contribute to shaping digital resistance by helping people identify and overcome delay techniques to combat their inaction and paralysis.","number":"CSCW1","urldate":"2023-04-20","journal":"Proceedings of the ACM on Human-Computer Interaction","author":[{"propositions":[],"lastnames":["Alizadeh"],"firstnames":["Fatemeh"],"suffixes":[]},{"propositions":[],"lastnames":["Stevens"],"firstnames":["Gunnar"],"suffixes":[]},{"propositions":[],"lastnames":["Jakobi"],"firstnames":["Timo"],"suffixes":[]},{"propositions":[],"lastnames":["Krüger"],"firstnames":["Jana"],"suffixes":[]}],"month":"April","year":"2023","keywords":"comping strategies, cybercrime, digital resilience, post-attack, social computing, social engineering, usable security, user behavior, victim's vulnerabilities","pages":"32:1–32:25","bibtex":"@article{alizadeh_catch_2023,\n\ttitle = {Catch {Me} if {You} {Can} : \"{Delaying}\" as a {Social} {Engineering} {Technique} in the {Post}-{Attack} {Phase}},\n\tvolume = {7},\n\tshorttitle = {Catch {Me} if {You} {Can}},\n\turl = {https://dl.acm.org/doi/10.1145/3579465},\n\tdoi = {10.1145/3579465},\n\tabstract = {Much is known about social engineering strategies (SE) during the attack phase, but little is known about the post-attack period. To address this gap, we conducted 17 narrative interviews with victims of cyber fraud. We found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so. In this paper, we describe this \"delay\" in victims' responses as entailing a period of doubt and trust in good faith. The delay in victim response is a direct consequence of various SE techniques, such as exploiting prosocial behavior with subsequent negative effects on emotional state and interpersonal relationships. Our findings contribute to shaping digital resistance by helping people identify and overcome delay techniques to combat their inaction and paralysis.},\n\tnumber = {CSCW1},\n\turldate = {2023-04-20},\n\tjournal = {Proceedings of the ACM on Human-Computer Interaction},\n\tauthor = {Alizadeh, Fatemeh and Stevens, Gunnar and Jakobi, Timo and Krüger, Jana},\n\tmonth = apr,\n\tyear = {2023},\n\tkeywords = {comping strategies, cybercrime, digital resilience, post-attack, social computing, social engineering, usable security, user behavior, victim's vulnerabilities},\n\tpages = {32:1--32:25},\n}\n\n\n\n","author_short":["Alizadeh, F.","Stevens, G.","Jakobi, T.","Krüger, J."],"key":"alizadeh_catch_2023","id":"alizadeh_catch_2023","bibbaseid":"alizadeh-stevens-jakobi-krger-catchmeifyoucandelayingasasocialengineeringtechniqueinthepostattackphase-2023","role":"author","urls":{"Paper":"https://dl.acm.org/doi/10.1145/3579465"},"keyword":["comping strategies","cybercrime","digital resilience","post-attack","social computing","social engineering","usable security","user behavior","victim's vulnerabilities"],"metadata":{"authorlinks":{}}},"bibtype":"article","biburl":"https://bibbase.org/zotero-group/WinemeCSCW/2912317","dataSources":["2aZf3F3Kjs6p26m56"],"keywords":["comping strategies","cybercrime","digital resilience","post-attack","social computing","social engineering","usable security","user behavior","victim's vulnerabilities"],"search_terms":["catch","delaying","social","engineering","technique","post","attack","phase","alizadeh","stevens","jakobi","krüger"],"title":"Catch Me if You Can : \"Delaying\" as a Social Engineering Technique in the Post-Attack Phase","year":2023}