TY - JOUR
T1 - Vulnerability to Social Engineering Across Digital User Generations: A Dual-Theory Approach
AU - Viana, José Augusto Lopes
AU - Porto-Bellini, Carlo G.
AU - Oguz, Abdullah
AU - Pereira, Rita de Cássia de Faria
PY - 2025/3/1
Y1 - 2025/3/1
N2 - Cybersecurity studies lack data on the relative vulnerability of user generations of information and communication technologies (ICTs) to social engineering, i.e., to ill-intentioned ICT-mediated actions aimed at stealing one’s private information by means of deception strategies. To fill this gap, we draw on three frameworks about vulnerability to social engineering and develop a process model inspired by the routine activity theory and the source-path-goal metaphor. We also developed a psychometric instrument to measure vulnerability, with which we collected data from 306 ICT users ranging from 16 to 85 years of age to analyze whether social engineers take advantage of inequalities among ICT user generations. Contrary to established knowledge, older adults did not manifest statistically significant greater vulnerability than younger ones to ICT-mediated social engineering attacks. The reasons are arguably related to five enablers of personal security awareness, as follows: (i) the intensive use of ICTs by people of all ages in contemporary society, (ii) older adults’ greater wisdom, crystallized intelligence, and mindfulness, (iii) greater abstract reasoning and foresight developed through professional life, (iv) formal education, and (v) massively available information about social engineering.
AB - Cybersecurity studies lack data on the relative vulnerability of user generations of information and communication technologies (ICTs) to social engineering, i.e., to ill-intentioned ICT-mediated actions aimed at stealing one’s private information by means of deception strategies. To fill this gap, we draw on three frameworks about vulnerability to social engineering and develop a process model inspired by the routine activity theory and the source-path-goal metaphor. We also developed a psychometric instrument to measure vulnerability, with which we collected data from 306 ICT users ranging from 16 to 85 years of age to analyze whether social engineers take advantage of inequalities among ICT user generations. Contrary to established knowledge, older adults did not manifest statistically significant greater vulnerability than younger ones to ICT-mediated social engineering attacks. The reasons are arguably related to five enablers of personal security awareness, as follows: (i) the intensive use of ICTs by people of all ages in contemporary society, (ii) older adults’ greater wisdom, crystallized intelligence, and mindfulness, (iii) greater abstract reasoning and foresight developed through professional life, (iv) formal education, and (v) massively available information about social engineering.
KW - Cognition
KW - Crystallized intelligence
KW - Information security
KW - Technology use effectiveness
KW - Vulnerability
KW - Wisdom
UR - https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=105009349131&origin=inward
UR - https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=105009349131&origin=inward
U2 - 10.1057/s41284-025-00498-w
DO - 10.1057/s41284-025-00498-w
M3 - Article
SN - 0955-1662
VL - 38
JO - Security Journal
JF - Security Journal
IS - 1
M1 - 50
ER -