Analysis of Vulnerabilities Associated with Social Engineering Attacks Based on User Behavior

Eduardo Benavides-Astudillo, Luis Silva-Ordoñez, Ronny Rocohano-Rámos, Walter Fuertes, Félix Fernández-Peña, Sandra Sanchez-Gordon, Rodrigo Bastidas-Chalan

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations


One of the most effective attacks on cybersecurity is Social Engineering, in which the attacker deceives an end-user to steal its credentials and perpetrate cyber-crimes. There are hardware and software countermeasures to deal with these types of attacks. However, people themselves are the most vulnerable link in this security chain. In addition, there are influencing factors in people’s behavior, which make them more vulnerable. This study aims to determine the most common characteristics that make users vulnerable, either individually or in groups. For this, we conduct an exploratory and descriptive study on administrative, lecturers, and students of a higher education institution on four scales that consider the following behaviors: risk behavior, conservative behavior, exposure to offense, and perception of risk. The results obtained show that users with risky behavior are the most exposed to a Social Engineering attack. We also concluded that the analyzed groups of lecturers and administrators are less likely to be victims of these attacks than students. Finally, we inferred that people who spend more time in front of a computer and are more permissive of risky behaviors are more vulnerable to these attacks.

Original languageEnglish
Title of host publicationApplied Technologies - 3rd International Conference, ICAT 2021, Proceedings
EditorsMiguel Botto-Tobar, Sergio Montes León, Pablo Torres-Carrión, Marcelo Zambrano Vizuete, Benjamin Durakovic
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages14
ISBN (Print)9783031038839
StatePublished - 2022
Externally publishedYes
Event3rd International Conference on Applied Technologies, ICAT 2021 - Quito, Ecuador
Duration: 27 Oct 202129 Oct 2021

Publication series

NameCommunications in Computer and Information Science
Volume1535 CCIS
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937


Conference3rd International Conference on Applied Technologies, ICAT 2021

Bibliographical note

Funding Information:
The authors would like to thank the Universidad de las Fuerzas Armadas-ESPE of Sangolquí, Ecuador, for the resources granted to develop the research project entitled: “Detection and Mitigation of Social Engineering attacks applying Cognitive Security”, coded as PIC-2020-SOCIAL-ENGINEERING.

Publisher Copyright:
© 2022, Springer Nature Switzerland AG.


  • Cybersecurity
  • Risk
  • Social Engineering
  • User behavior
  • Vulnerabilities

Cite this