PSYCHOLOGICAL METHODS OF FRAUD IN CYBERSPACE AND WAYS TO COUNTER THEM
DOI:
https://doi.org/10.28925/2663-4023.2025.30.990
Keywords:
social engineering, psychological manipulation, cybersecurity, phishing, vishing, information security, artificial intelligence, protection against fraud.
Abstract
The article examines the methods of social engineering used by attackers to gain unauthorized access to confidential information and manipulate the behavior of victims. The main types of attacks, such as phishing, vishing, smishing, pretexting, spear-phishing and whaling, as well as their features, implementation mechanisms and methods of deceiving users, are considered. Particular attention is paid to the psychological aspects of social engineering, including the influence of fear, trust, urgency, social proof and cognitive biases on the decision-making process. Modern approaches to protection against social engineering attacks are outlined, which include a combination of technological and educational methods. Measures are proposed to increase the digital literacy of users, develop information security policies, use multi-factor authentication, user behavior analysis systems and artificial intelligence to detect threats. Particular attention is paid to the use of large language models to identify fraudulent schemes and automate cybersecurity. The results of the study indicate the need for a comprehensive approach to protection against social engineering attacks, which involves synergy between technological tools and the human factor. The proposed recommendations are aimed at minimizing risks and increasing the overall level of security in the digital environment.
License
Copyright (c) 2025 Олег Гарасимчук, Юлія Оліярник, Андрій Нестор, Тарас Наконечний

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.