Catch Me if You Can : "Delaying" as a Social Engineering Technique in the Post-Attack Phase.

Much is known about social engineering strategies (SE) during the attack phase, but little is known about the post-attack period. To address this gap, we conducted 17 narrative interviews with victims of cyber fraud. We found that while it was seen to be important for victims to act immediately and to take countermeasures against attack, they often did not do so. In this paper, we describe this "delay" in victims' responses as entailing a period of doubt and trust in good faith. The delay in victim response is a direct consequence of various SE techniques, such as exploiting prosocial behavior with subsequent negative effects on emotional state and interpersonal relationships. Our findings contribute to shaping digital resistance by helping people identify and overcome delay techniques to combat their inaction and paralysis.