Abstract

In this research, we applied personality psychology within social engineering to raise security awareness and to identify the awareness level of each behavioral pattern in the Dominance, Influence, Steadiness, and Conscientiousness (DiSC) Personality Model (William Moulton Marston, 1928). We conducted this pilot study by convincing people to click a URL that looked like a scam but was safe, delivered through an email message (URL phishing) phrased to be convincing for each person's personality pattern. This URL forwards the user (or victim) to a safe landing page with a security warning and countermeasures suggested by the U.S. Department of Homeland Security for avoiding similar attacks, thus raising security awareness. The first goal of this work was to build and analyze a data set of 86 applicants that contained their name, age, gender, email, and personality pattern. This information was collected through the RBYG TEST (Abdulateef Al-Bustani, 2020), a short personality test of 3 precisely constructed questions. Based on each applicant's behavioral pattern, several social engineering attack scenarios were then applied in two stages, Attack 1 and Attack 2, and vulnerability scores were recorded to identify the awareness level of all behavioral patterns in the DiSC Personality Model. We concluded that the most secure personality pattern, with the highest awareness level, is “Y” / “Influence”, then “B” / “Conscientious”, then “G” / “Stability”, and the weakest is “R” / “Dominance”. Organizations can use the results of this study as a guide for raising security awareness, especially among people with the lowest awareness level.
