How do gender and age similarities with a potential social engineer influence one's trust and willingness to take security risks?
Israa Abuelezz,Mahmoud Barhamgi,Sameha Alshakhsi,Ala Yankouskaya,Armstrong Nhlabatsi,Khaled M. Khan,Raian Ali
DOI: https://doi.org/10.1007/s10207-024-00954-5
2024-12-17
International Journal of Information Security
Abstract:This study investigates how age and gender similarity between individuals and potential social engineers affect the individuals' trust and risk-taking behaviors. We crafted and face validated 16 personas, varying in demographics and visual cues, and inquired whether participants would agree to use each persona's offer to connect to the internet via their personal mobile hotspot, as well as the degree of trust they placed in the persona's intentions. Individuals were informed about the potential risks associated with using another person's mobile hotspot and that the person offering can be, but not necessarily, malicious. Data from 635 participants (322 Arabs and 313 British) were collected through an online survey. Participants were categorized by gender into male and female groups, and by age into two groups: early adulthood (18–35 years) and middle adulthood (36–59 years). Our results showed a correlation between trust and offer acceptance across all participant groups except for British females in middle adulthood. Additionally, participants, regardless of their gender and age groups, exhibited greater trust and acceptance towards personas who were female or older. Arab sample did not indicate a significant gender preference in aged personas; however, the British early adulthood group displayed a significant inclination towards accepting the offer from aged female personas over aged male personas. While demographic similarity between the potential manipulator personas and participants did not significantly impact the participants trust and risk-taking, our study uncovered differences in trust and offer acceptance when both age and gender demographics were considered together, suggesting nuanced effects of demographic matching and mismatching on taking security risks. These findings underscore the importance of incorporating bias awareness and debiasing techniques to reduce high reliance on demographic or cultural stereotypes.
computer science, information systems, theory & methods, software engineering