Abstract
Social engineering is a popular attack vector among cyber criminals. During such attacks, impostors often attempt to trigger empathy to manipulate victims into taking dangerous actions, for example, sharing their credentials or clicking on malicious email attachments. The objective of this position paper is to initiate a conversation on the tension between positive and negative aspects of empathy in HCI as it pertains to security-relevant behaviors. To this end, we focus on the malicious ways in which empathy can be instrumentalized in social engineering. We describe examples of such empathy-related social engineering attacks, explore potential solutions (including the automated detection of empathy-triggering communication, or of empathetic communication on the part of a potential victim), and discuss technical, social as well as organizational interventions. We highlight research challenges and directions for future work.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 2nd Empathy-Centric Design Workshop, EmpathiCH 2023 - Collocated with ACM CHI Conference on Human Factors in Computing Systems |
| Publisher | ACM |
| ISBN (Electronic) | 9798400707490 |
| DOIs | |
| Publication status | Published - 23 Apr 2023 |
| MoE publication type | A4 Conference publication |
| Event | Empathy-Centric Design Workshop - Hamburg, Germany Duration: 23 Apr 2023 → 23 Apr 2023 Conference number: 2 |
Conference
| Conference | Empathy-Centric Design Workshop |
|---|---|
| Abbreviated title | EmpathiCH |
| Country/Territory | Germany |
| City | Hamburg |
| Period | 23/04/2023 → 23/04/2023 |
Keywords
- Empathy
- Security
- Social Engineering