Home > Research > Publications & Outputs > Triggering Empathy out of Malicious Intent: The...

Links

Text available via DOI:

View graph of relations

Triggering Empathy out of Malicious Intent: The Role of Empathy in Social Engineering Attacks

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published
Close
Publication date18/05/2023
Host publicationProceedings of the 2nd Empathy-Centric Design Workshop, EmpathiCH 2023 - Collocated with ACM CHI Conference on Human Factors in Computing Systems
PublisherAssociation for Computing Machinery (ACM)
Pages1-6
Number of pages6
ISBN (electronic)9798400707490
<mark>Original language</mark>English
EventEMPATHICH '23:: EmpathiCH Workshop - Hamburg, Germany
Duration: 23/04/202323/04/2023

Conference

ConferenceEMPATHICH '23:
Country/TerritoryGermany
CityHamburg
Period23/04/2323/04/23

Publication series

NameACM International Conference Proceeding Series

Conference

ConferenceEMPATHICH '23:
Country/TerritoryGermany
CityHamburg
Period23/04/2323/04/23

Abstract

Social engineering is a popular attack vector among cyber criminals. During such attacks, impostors often attempt to trigger empathy to manipulate victims into taking dangerous actions, for example, sharing their credentials or clicking on malicious email attachments. The objective of this position paper is to initiate a conversation on the tension between positive and negative aspects of empathy in HCI as it pertains to security-relevant behaviors. To this end, we focus on the malicious ways in which empathy can be instrumentalized in social engineering. We describe examples of such empathy-related social engineering attacks, explore potential solutions (including the automated detection of empathy-triggering communication, or of empathetic communication on the part of a potential victim), and discuss technical, social as well as organizational interventions. We highlight research challenges and directions for future work.