Training Users to Recognize Persuasion Techniques in Vishing Calls

Abstract

Voice-based phishing attacks, in which a scammer uses social engineering techniques over a phone call to convince victims to divulge sensitive information, cause losses of several million dollars. We present a pilot study of a novel intervention that trains users to recognize phishing calls by identifying the persuasion principles used by the scammer. The training is implemented via a Whatsapp chatbot that includes example audio recordings and exercises of scam calls, and how the scammer employs the principle of authority in order to persuade the victim. 50 students from a university participated in the persuasion principles training. We then conducted a simulated vishing call a few days later to test how well the participants recognize the call compared to a control group (also 50 students) that was only given a general awareness training, and was not specifically trained to recognize authority via chatbot exercises. We also conducted interviews with participants from both the groups to understand the perceived usefulness of the training.