End User Mental Models of Social Engineering Attacks

It appears your Web browser is not configured to display PDF files. Download adobe Acrobat or click here to download the PDF file.

Click here to download the PDF file.


Kyi, Lin




How do end users understand social engineering attacks, and how do their mental models differ from reality? To investigate, we have proposed a new social engineering attack framework, and ran two studies using the framework as the foundation. In the first study, we conducted 30 interviews to investigate social engineering mental models, and found that confidence and accuracy are underlying themes that affect users' mental models. In the second survey, we quantified how confidence and accuracy impact mental models at different stages of an attack. We found that users tend to be overconfident in their ability to understand social engineering attacks, but hold inaccurate beliefs. They hold major misconceptions of what constitutes as social engineering, and the threat levels of these attacks. Based on our results, we have proposed various educational and design opportunities to match social engineering mitigation strategies to end user mental models of social engineering.


Computer Science




Carleton University

Thesis Degree Name: 

Master of Arts: 

Thesis Degree Level: 


Thesis Degree Discipline: 

Human-Computer Interaction

Parent Collection: 

Theses and Dissertations

Items in CURVE are protected by copyright, with all rights reserved, unless otherwise indicated. They are made available with permission from the author(s).