A Framework Based on Personality Traits to Identify Vulnerabilities to Social Engineering Attacks

Currently, all users massively use digital devices connected to the Internet. Because of this overcrowding, the number of cybercriminals who use Social Engineering techniques to extract sensitive information from users also increased. The attackers take advantage of the personality traits of their victims, such as friendliness, ignorance of basic security measures, naivety, or overconfidence. To combat this type of attack, we have developed a Framework based on personality traits, allowing us to know which people are more vulnerable than others are. Faced with this scenario, the main aim of this study is to develop a tool that allows determining which people are most vulnerable to Social Engineering attacks. The methodological process consisted of first determining the most common traits of users related to vulnerability. Then, the personality traits of a surveyed group were determined. Finally, the most vulnerable traits were matched with the personality traits of the respondents. The personality traits in which our research was framed is known as the Five-Factor Model of personality. The results show that this framework can be used to detect the most vulnerable user or groups and focus training and awareness on it or these groups.