An Examination in Social Engineering: The Susceptibility of Disclosing Private Security Information in College Students
View Rachel's project online
Social sciences often include qualitative or quantitative research methods similar to those used by the "hard" sciences, but may also involve more traditional library research in the form of a literature review.
This award is generously sponsored by John H. Livingstone, SBM ’49.
While security technology can be nearly impenetrable, the people behind the computer screens are often easily manipulated, which makes the human factor the biggest threat to cybersecurity. This study examined whether college students disclosed private information about themselves, and what type of information they shared. The study utilized pretexting, in which attackers impersonate individuals in certain roles and often involves extensive research to ensure credibility. The goal of pretexting is to create situations where individuals feel safe releasing information that they otherwise might not.
The pretexts used for this study were based on the natural inclination to help, where people tend to want to help those in need, and reciprocity, where people tend to return favors given to them. Participants (N=51) answered survey questions that they thought were for a good cause or that would result in a reward. This survey asked for increasingly sensitive information that could be used maliciously to gain access to identification, passwords, or security questions. Upon completing the survey, participants were debriefed on the true nature of the study and were interviewed about why they were willing to share information via the survey.
Some of the most commonly skipped questions included “Student ID number” and “What is your mother’s maiden name?” General themes identified from the interviews included the importance of similarities between the researcher and the subject, the researcher’s adherence to the character role, the subject’s awareness of question sensitivity, and the overall differences between online and offline disclosure. Findings suggest that college students are more likely to disclose private information if the attacker shares a similar trait with the target or if the attacker adheres to the character role they are impersonating. Additionally, this study sheds light on the research limitations, emphasizes the relevance of the human factor in security and privacy, and offers recommendations for future research.
What is your major and expected year of graduation?
Criminal justice, May 2020
What inspired you to pursue your project?
I took a computer crime class where I first learned about my project’s topic of social engineering. I had a stipend to complete summer research and the class inspired me to pursue social engineering further.
What does winning this award mean to you?
I am honored to win this award alongside many other great projects from this year and previous years. I am glad there is recognition for projects specifically in the field of the social sciences. I am also very appreciative of the attention to undergraduate research. This type of support encourages people to explore research and directs people to career paths they otherwise may not have discovered.
How did the Libraries support your research?
The Libraries provided me with the resources I needed to write my literature review. It helped me to find the articles and references that I needed for my paper and ensured me that I had reliable sources. Through the library’s online databases and search engine, I gained all the background information I needed to complete my project and fully develop my research idea.
Rachel Bleiman’s project is significant as it examines college students’ behaviors and actions when managing their identities and data. Rachel found that students are more likely to disclose their sensitive information when subjected to social engineering techniques (using psychological persuasion strategies to manipulate human behavior). Rachel designed and implemented a field research study, analyzed her field notes through a social engineering lens, and even first-authored a paper in the proceedings of the International Conference on Cyber Warfare and Security! She also presented this research at the undergraduate track at the 2019 NSF Secure and Trustworthy Cyberspace yearly PI meeting.
—Aunshul Rege, Associate Professor in the Department of Criminal Justice