Sharing passwords with strangers – A laboratory study

This study aims to investigate the conditions under which people are inclined to engage with social engineering propositions. Using the contributions of Prospect Theory, the role of individual utility evaluations and risk perception were examined. A laboratory experiment was conducted with a sample of 82 people from Germany. Participants were asked to work on tasks when they were approached by a third-party social engineer who offered to help them complete the task in exchange for their social media password. The experiment was conducted in a laboratory setting to control for extraneous factors. The results showed that participants were more likely to share their password when the perceived profitability of doing so was high, when they expected that the trust would be rewarded, and when they perceived the stranger to be trustworthy. The findings suggest that this framework could be used to develop more effective strategies to prevent social engineering attacks. This study uniquely contributes to the literature by applying a Prospect Theory framework to explore the decision-making processes of individuals in the context of social engineering, offering novel insights into the psychosociological mechanisms that influence individuals’ susceptibility to phishing tactics.

• Publication year

  2026

• Venue

  Information & Computer Security

• Publication date

  2026-01-27

• Fields of study

  Not labeled

• Identifiers
  DOI 10.1108/ics-10-2025-0422
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Uncovering the role of optimism bias in social media phishing: an empirical study on TikTok

  2023cited by this paper
• Situational Contingencies in Susceptibility of Social Media to Phishing: A Temptation and Restraint Model

  2023cited by this paper
• Cyber Security Awareness (CSA) and Cyber Crime in Bangladesh: A Statistical Modeling Approach

  2023cited by this paper
• Comprehensive Assessment of Reverse Social Engineering to Understand Social Engineering Attacks

  2023cited by this paper
• Comparative Analysis of Phishing Tools on Social Media Sites

  2023cited by this paper
• Social Engineering Attack Classifications on Social Media Using Deep燣earning

  2023cited by this paper
• Violations at the Reference Point of Discontinuity: Limitations of Prospect Theory and an Alternative Model of Risk Choices

  2022cited by this paper
• Predicting User Susceptibility to Phishing Based on Multidimensional Features

  2022cited by this paper
• The social ambiguity of money: empirical evidence on the multiple usability of money in social life

  2022cited by this paper
• Does prospect theory explain ethical decision making? Evidence from tax compliance

  2021cited by this paper
• The prevalence and motivations for password sharing practices and intrusive behaviors among early adolescents' best friendships - A mixed-methods study

  2021cited by this paper
• Overview of Social Engineering Attacks on Social Networks

  2021cited by this paper
• Characteristics that Predict Phishing Susceptibility: A Review

  2021cited by this paper
• Continuous Multimodal Biometric Authentication Schemes: A Systematic Review

  2021cited by this paper
• Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

  2021cited by this paper
• Improving cybersecurity awareness using phishing attack simulation

  2021cited by this paper
• An interdisciplinary view of social engineering: A call to action for research

  2021cited by this paper
• Is this phishing? Older age is associated with greater difficulty discriminating between safe and malicious emails.

  2020cited by this paper
• Replicating patterns of prospect theory for decision under risk

  2020cited by this paper
• Taking Risks With Cybersecurity: Using Knowledge and Personal Characteristics to Predict Self-Reported Cybersecurity Behaviors

  2020cited by this paper
• Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

  2020cited by this paper
• Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication

  2020cited by this paper
• Individual differences in the perception of probability

  2020cited by this paper
• Risk and Demographics’ Influence on Security Behavior Intentions

  2020cited by this paper
• Multi-Factor Authentication in Cyber Physical System: A State of Art Survey

  2019cited by this paper
• That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers

  2019cited by this paper
• Which Phish Is on the Hook? Phishing Vulnerability for Older Versus Younger Adults

  2019cited by this paper
• Phishing and Cybercrime Risks in a University Student Community

  2019cited by this paper
• What Message Characteristics Make Social Engineering Successful on Facebook: The Role of Central Route, Peripheral Route, and Perceived Risk

  2019cited by this paper
• Social Engineering Attacks: A Survey

  2019cited by this paper
• "If you know what to do, will you take action to avoid mobile phishing attacks": Self-efficacy, anticipated regret, and gender

  2019cited by this paper
• All About Phishing: Exploring User Research through a Systematic Literature Review

  2019cited by this paper
• How persuasive is a phishing email? A phishing game for phishing awareness

  2019cited by this paper
• A critique of prospect theory and framing with particular reference to consumer decisions

  2019cited by this paper
• Intentions-Based Reciprocity to Monetary and Non-Monetary Gifts

  2018cited by this paper
• How to end password reuse on the web

  2018cited by this paper
• The effects of online trust-building mechanisms on trust and repurchase intentions: An empirical study on eBay

  2018cited by this paper
• Social Engineering Attacks and Countermeasures in the New Zealand Banking System: Advancing a User-Reflective Mitigation Model

  2018cited by this paper
• It’s the deceiver and the receiver: Individual differences in phishing susceptibility and false positives with item profiling

  2018cited by this paper
• Discussing Alternative Login Methods and Their Advantages and Disadvantages

  2018cited by this paper
• Facing the future: the impact of Apple FaceID

  2018cited by this paper
• Gender difference and employees' cybersecurity behaviors

  2017cited by this paper
• Let's Go in for a Closer Look: Observing Passwords in Their Natural Habitat

  2017cited by this paper
• Phishing environments, techniques, and countermeasures: A survey

  2017cited by this paper
• Prospect theory and the decision to move or stay

  2017cited by this paper
• Dissecting Spear Phishing Emails for Older vs Young Adults: On the Interplay of Weapons of Influence and Life Domains in Predicting Susceptibility to Phishing

  2017cited by this paper
• Which phish get caught? An exploratory study of individuals′ susceptibility to phishing

  2017cited by this paper
• Password-free authentication for social networks

  2017cited by this paper
• Measuring Source Credibility of Social Engineering Attackers on Facebook

  2016cited by this paper
• Social network phishing: Becoming habituated to clicks and ignorant to threats?

  2016cited by this paper
• Social engineering attack examples, templates and scenarios

  2016cited by this paper
• Understanding Social Engineering Based Scams

  2016cited by this paper
• A Serious Game for Eliciting Social Engineering Security Requirements

  2016cited by this paper
• Susceptibility to Social Engineering in Social Networking Sites: The Case of Facebook

  2015cited by this paper
• Individual Differences in Cyber Security Behaviors: An Examination of Who Is Sharing Passwords

  2015cited by this paper
• On the Impact of Touch ID on iPhone Passcodes

  2015cited by this paper
• "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab

  2015cited by this paper
• Principles of Persuasion in Social Engineering and Their Use in Phishing

  2015cited by this paper
• Phishing for Suitable Targets in The Netherlands: Routine Activity Theory and Phishing Victimization

  2014cited by this paper
• Passwords are Dead: Alternative Authentication Methods

  2014cited by this paper
• Outcomes and expectations in dilemmas of trust

  2014cited by this paper
• When Giving Money Does Not Work: The Differential Effects of Monetary Versus In-Kind Rewards in Referral Reward Programs

  2014cited by this paper
• Time Pressure Increases Cooperation in Competitively Framed Social Dilemmas

  2014cited by this paper
• A Study of Social Engineering in Online Frauds

  2013cited by this paper
• The effect of prior outcomes on gender risk-taking differences

  2013cited by this paper
• Social Networks : Threats and Solutions

  2013cited by this paper
• Understanding persuasive elements in phishing e-mails: A categorical content and semantic network analysis

  2013cited by this paper
• Towards understanding phishing victims' profile

  2012cited by this paper
• Spontaneous giving and calculated greed

  2012cited by this paper
• The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

  2012cited by this paper
• Thirty Years of Prospect Theory in Economics: A Review and Assessment

  2012cited by this paper
• A Holistic Framework for Trust in Online Transactions

  2012cited by this paper
• F for fake: four studies on how we fall for phish

  2011cited by this paper
• Understanding scam victims

  2011cited by this paper
• Trusting and trustworthiness: What are they, how to measure them, and what affects them

  2010cited by this paper
• Influence functions of the Spearman and Kendall correlation measures

  2010cited by this paper
• Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

  2010cited by this paper
• Spheres of trust: An empirical analysis of the foundations of particularised and generalised trust

  2009cited by this paper
• The Risk Society: Towards a new modernity

  2009cited by this paper
• Avoidance of Information Technology Threats: A Theoretical Perspective

  2009cited by this paper
• You've been warned: an empirical study of the effectiveness of web browser phishing warnings

  2008cited by this paper
• Measures of Association: How to Choose?

  2008cited by this paper
• Psychological Foundations of Trust

  2007cited by this paper
• Password sharing: implications for security design based on social practice

  2007cited by this paper
• Behavioral response to phishing risk

  2007cited by this paper
• The hidden costs of control

  2006cited by this paper
• Why phishing works

  2006cited by this paper
• Sensation Seeking And Risky Behavior

  2006cited by this paper
• Peer influence on risk taking, risk preference, and risky decision making in adolescence and adulthood: an experimental study.

  2005cited by this paper
• Soziologie des Cyberspace

  2004cited by this paper
• Making Descriptive Use of Prospect Theory to Improve the Prescriptive Use of Expected Utility

  2001cited by this paper
• Measuring Trust

  2000cited by this paper
• Advances in prospect theory: Cumulative representation of uncertainty

  1992cited by this paper
• The theory of planned behavior

  1991cited by this paper
• Perception of risk.

  1987cited by this paper
• A Protection Motivation Theory of Fear Appeals and Attitude Change1.

  1975cited by this paper
• Toward a Theory of Interpersonal Trust

  1973cited by this paper
• Justice in Social Exchange

  1964cited by this paper
• You have printed the following article : Prospect Theory : An Analysis of Decision under Risk

  year unknowncited by this paper

• No citing papers are available for this paper.