1,268 research outputs found

    Harnessing Large Language Models to Simulate Realistic Human Responses to Social Engineering Attacks: A Case Study

    The research publication, “Generative Agents: Interactive Simulacra of Human Behavior,” by Stanford and Google in 2023 established that large language models (LLMs) such as GPT-4 can generate interactive agents with credible and emergent human-like behaviors. However, their application in simulating human responses in cybersecurity scenarios, particularly in social engineering attacks, remains unexplored. In addressing that gap, this study explores the potential of LLMs, specifically the OpenAI GPT-4 model, to simulate a broad spectrum of human responses to social engineering attacks that exploit human social behaviors, framing our primary research question: How does the simulated behavior of human targets, based on the Big Five personality traits, respond to social engineering attacks? This study aims to provide valuable insights for organizations and researchers striving to systematically analyze human behavior and identify prevalent human qualities, as defined by the Big Five personality traits, that are susceptible to social engineering attacks, specifically phishing emails. Also, it intends to offer recommendations for the cybersecurity industry and policymakers on mitigating these risks. The findings indicate that LLMs can provide realistic simulations of human responses to social engineering attacks, highlighting certain personality traits as more susceptible

    Is there a cybercriminal personality? Comparing cyber offenders and offline offenders on HEXACO personality domains and their underlying facets

    Cyberspace creates opportunities for new forms of crime that may be related to specific personality characteristics of offenders. Few studies have investigated the personality characteristics of cyber offenders. We address this gap by comparing a judicial sample of 261 suspects of cyber-dependent crime, 260 suspects of offline crime, and a community sample of 512 participants on the HEXACO personality domains and their underlying facets. This provides a nuanced picture of the cybercriminal personality and could provide information for prevention and intervention programs. Results indicate that, compared to suspects of offline crime, suspected cyber offenders score significantly lower on extraversion and significantly higher on conscientiousness and openness to experience. Cyber offenders are more similar to community participants on these main personality domains. With regard to the underlying facets, suspected cyber offenders appear to be unique in their relatively high level of diligence. They are more similar to suspected offline offenders on traits that may help them perform criminal activities, such as lower levels of modesty, fearfulness, and flexibility. They are more similar to the community sample, however, on traits that may strengthen their ability or tendency to commit cyber offenses, such as higher levels of patience, perfectionism, and prudence

    Evidence of personality traits on phishing attack menace among selected university undergraduates in Nigerian

    Access ease, mobility, portability, and improved speed have continued to ease the adoption of computing devices while, consequently, proliferating phishing attacks. These, in turn, have created mixed feelings in increased adoption and nosedived users’ trust level of devices. The study recruited 480 students, who were exposed to socially-engineered attack directives. Attacks were designed to retrieve personal data and entice participants to access compromised links. We sought to determine the risks of cybercrimes among the undergraduates in selected Nigerian universities, observe students’ responses and explore their attitudes before/after each attack. Participants were primed to remain vigilant to all forms of scams as we sought to investigate attacks’ influence on gender, students’ status, and age to perceived safety on susceptibility to phishing. Results show that contrary to public beliefs, age, status, and gender were not among the factors associated with scam susceptibility and vulnerability rates of the participants. However, the study reports decreased user trust levels in the adoption of these new, mobile computing devices

    Risk factors for social networking site scam victimisation amongst Malaysian students

    Prior evidence suggests that board independence may enhance financial performance, but this relationship has been tested almost exclusively for Anglo-American countries. To explore the boundary conditions of this prominent governance mechanism, we examine the impact of the formal and information institutions of 18 national business systems (Whitley, 1999) on the board independence-financial performance relationship. Our results show that while the direct effect of independence is weak, national-level institutions significantly moderate the independence-performance relationship. Our findings suggest that the efficacy of board structures is likely to be contingent on the specific national context, but the type of legal system is insignificant

    A Psychosocial Behavioral Attribution Model: Examining the Relationship Between the “Dark Triad” and Cyber-Criminal Behaviors Impacting Social Networking Sites

    This study proposes that individual personality characteristics and behavioral triggering effects come together to motivate online victimization. It draws from psychology’s current understanding of personality traits, attribution theory, and criminological research. This study combines the current computer deviancy and hacker taxonomies with that of the Dark Triad model of personality mapping. Each computer deviant behavior is identified by its distinct dimensions of cyber-criminal behavior (e.g., unethical hacking, cyberbullying, cyberstalking, and identity theft) and analyzed against the Dark Triad personality factors (i.e., narcissism, Machiavellianism, and psychopathy). The goal of this study is to explore whether there are significant relationships among the Dark Triad personality traits and specific cyber-criminal behaviors within social network sites (SNSs). The study targets offensive security engineers and computer deviants from specific hacker conferences and from websites that discuss or promote computer deviant behavior (e.g., hacking). Additional sampling is taken from a general population of SNS users. Using a snowball sampling method, 235 subjects completed an anonymous, self-report survey that includes items measuring computer deviance, personality traits, and demographics. Results yield that there was no significant relationship between Dark Triad and cyber-criminal behaviors defined in the perceived hypotheses. The final chapter of the study summarizes the results and discusses the mechanisms potentially underlying the findings. In the context of achieving the latter objective, exploratory analyses are incorporated and partly relied upon. It also includes a discussion concerning the implications of the findings in terms of providing theoretical insights on the Dark Triad traits and cyber-criminal behaviors more generally

    Re-Thinking Online Offenders’ SKRAM: Individual Traits and Situational Motivations as Additional Risk Factors for Predicting Cyber Attacks

    Cyber security experts in the U.S. and around the globe assess potential threats to their organizations by evaluating potential attackers’ skills, knowledge, resources, access to the target organization and motivation to offend (i.e. SKRAM). Unfortunately, this model fails to incorporate insights regarding online offenders’ traits and the conditions surrounding the development of an online criminal event. Drawing on contemporary criminological models, we present a theoretical rationale for revising the SKRAM model. The revised model suggests that in addition to the classical SKRAM components, both individual attributes and certain offline and online circumstances fuel cyber attackers’ motivation to offend, and increase the probability that a cyber-attack will be launched against an organization. Consistent with our proposed model, and its potential in predicting the occurrence of different types of cyber-dependent crimes against organizations, we propose that Information Technology professionals’ efforts to facilitate safe computing environments should design new approaches for collecting indicators regarding attackers’ potential threat, and predicting the occurrence and timing of cyber-dependent crimes

    Personality Types and Ransomware Victimisation

    Ransomware remains one of the most prevalent cyberthreats to individuals and businesses alike. Psychological techniques are often employed by attackers when infecting victims’ devices with ransomware, in an attempt to increase the likelihood of the victims paying the ransom demand. At the same time, cybersecurity researchers are continually putting in effort to find new ways to prevent ransomware infections and victimisation from happening. Since employees and contractors are often considered to be the most frequent and well-known attack vectors, it makes sense to focus on them. Identifying factors to predict the most vulnerable population to cyberattacks can be useful in preventing or mitigating the impact of ransomware attacks. Additionally, understanding victims’ psychological traits can help us devise better solutions to recover from the attack more effectively, while at the same time, encouraging victims not to pay the ransom demand to cybercriminals. In this paper, we investigated the relationship between personality types and ransomware victimisation, in order to understand whether people with certain personality types would be more prone to becoming a ransomware victim or not. We also studied the behavioural and psychological effects of becoming a ransomware victim, in an attempt to see whether such an experience can be used to reinforce positive cybersecurity behaviours in the future. We carried out a survey involving 880 participants, recruited through the Prolific online survey platform. First, these participants were asked to answer a set of standard questions to determine their personality type, using the Big-Five personality trait indicators. They were then asked to answer several follow-up questions regarding victimisation, as well as their feelings and views post-victimisation. We found that 9.55% (n=84) of the participants had been a victim of ransomware. Out of these, 2.38% (n=2) were found to have paid the ransom. 
    We found no compelling evidence to suggest that personality traits would influence ransomware victimisation. In other words, there are no discernible differences regarding potential ransomware victimisation based on people’s personality types alone. Therefore, we should not blame victims for falling prey – in particular, we should not apportion the blame to their personality type. These findings can be used to improve positive cybersecurity behaviours, for example, by encouraging victims to invest more in cybersecurity products and tools. Additionally, our results showed that the aftermath of a ransomware attack could be quite devastating and hard to deal with for many victims. Finally, our research shows that properly dealing with ransomware is a complex socio-technical challenge that requires both technical and psychological support

    Conceptualizing human resilience in the face of the global epidemiology of cyber attacks

    Get PDF
    Computer security is a complex global phenomenon where different populations interact, and the infection of one person creates risk for another. Given the dynamics and scope of cyber campaigns, studies of local resilience without reference to global populations are inadequate. In this paper we describe a set of minimal requirements for implementing a global epidemiological infrastructure to understand and respond to large-scale computer security outbreaks. We enumerate the relevant dimensions, the applicable measurement tools, and define a systematic approach to evaluate cyber security resilience. From the experience in conceptualizing and designing a cross-national coordinated phishing resilience evaluation we describe the cultural, logistic, and regulatory challenges to this proposed public health approach to global computer assault resilience. We conclude that mechanisms for systematic evaluations of global attacks and the resilience against those attacks exist. Coordinated global science is needed to address organised global ecrime