Suspicious Minds: Psychological Techniques Correlated with Online Phishing Attacks

Phishing remains a pervasive threat to information security, leveraging human psychology to manipulate
individuals into disclosing sensitive information or performing actions against their best interests. This study
presents a comprehensive taxonomy and analysis of psychological techniques utilized in social engineering,
introducing novel metrics such as Absolute Compliance Increase Rate (ACR), Relative Compliance Increase Rate
(RCR), and Comprehensive Compliance Increase Rate (CCR) to quantify their effectiveness. Our methodology
involved a systematic review of existing literature and empirical data from psychological experiments to
evaluate and compare the effectiveness of various techniques, including Authority, Commitment & Consistency,
Reciprocity, and Group Pressure. The findings indicate that the Majority Size technique, measured by
CCR, is particularly potent in scenarios with low initial compliance rates, while Authority, Commitment &
Consistency, and Reciprocity also demonstrate high effectiveness. These insights enhance the understanding of
the mechanics of social engineering techniques, enabling the development of more effective countermeasures
against social engineering attacks.