How demographic and appearance cues of a potential social engineer influence trust perception and risk-taking among targets?

Abstract

Purpose The aim of this study is to investigate how the demographics and appearance cues of potential social engineers influence the likelihood that targets will trust them and accept security risk. Design/methodology/approach Data were collected through an online survey of 635 participants, including 322 participants from Arab countries and 313 participants from the UK. The survey presented scenarios with 16 personas who offered participants the use of their mobile internet hotspot. These personas were characterized by combinations of age (young vs aged), gender (male vs female), ethnicity (Arab vs UK) and look formality (casual vs formal). The study measured both participants’ offer acceptance and trust in the persona. Findings Results indicated a higher likelihood of offer acceptance from female and aged personas, as well as a greater trust in these groups. Arab participants showed a preference for personas with Arabian ethnic features. In both samples, trust and acceptance were influenced by the persona’s appearance, which was found to be gender-dependent; with female personas in casual attire and male personas in formal attire being trusted more in comparison to female with formal attire and male with informal, respectively. Practical implications Findings highlight the importance of incorporating awareness of appearance-based biases in cybersecurity training, suggesting the need for culturally sensitive training programs to enhance defense against social engineering. Originality/value This study distinguishes itself by elucidating the influence of social engineers’ demographic and appearance cues on the likelihood of individuals to take security risks, thus addressing a significant gap in the literature which has traditionally emphasized the profiles of targets.