The personality types most likely to be scammed…

Cyber criminals are masters at triggering human psychological needs – and people with an agreeable personality have a higher chance of being manipulated to share private and sensitive information. That is according to a new study at Stellenbosch University (SU). In this interview with BizNews, system analyst Vian Smit describes the striking correlation between personality types and cybersecurity risk. Smit explains which character traits in agreeable people and extroverts make them good prey for cyber crooks. But he has good news for neurotics whose character traits protect them against scammers. He urges organisations to incorporate human personality types in their counter cyber crime measures. “If we know there is a certain individual that might pose a bigger risk for information loss or information breaches, then I think it would be smart to have a stricter cybersecurity policy applied to such individuals.”

Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox at 5:30am weekdays. Register here.

Watch here

Listen here

Summary of the interview

System analyst Vian Smit, in collaboration with Stellenbosch University, delves into the susceptibility of personality types to cyber scams. Focusing on the Five Factor model, encompassing extraversion, openness, conscientiousness, agreeableness, and neuroticism, Smit surveyed approximately 700 individuals. Findings reveal agreeable personalities as most vulnerable to social engineering attacks due to their compassionate, cooperative nature, prioritizing relationships over skepticism. Surprisingly, extroverts, though socially confident, exhibit the second-highest susceptibility, likely due to increased social engagement online. Conversely, neurotic individuals, characterized by low self-esteem and anxiety, display the lowest susceptibility, as they tend to withdraw rather than engage, minimizing exposure to scams.

Organisations can leverage these insights to tailor cybersecurity policies, imposing stricter measures on high-risk individuals. Similarly, individuals can safeguard themselves by understanding their susceptibility level and recognizing potential scams. Smit underscores the pervasive nature of cyber threats, emphasising the necessity for vigilance and scepticism, recounting personal experiences to illustrate common tactics employed by cybercriminals. Ultimately, awareness of psychological vulnerabilities is crucial in combating cybercrime, as perpetrators exploit universal human needs and tendencies. Smit advocates for heightened awareness and caution, stressing the potential consequences of falling victim to cyber scams, urging individuals to remain vigilant in the face of increasingly sophisticated threats.

Extended transcript of the interview ___STEADY_PAYWALL___

Chris Steyn (00:00.842)

Which personality types are most likely to be scammed by cyber criminals? We find out from system analyst, Vian Smit, who conducted a study for Stellenbosch University. Welcome, Vian.

Vian (00:14.394)

Good morning, welcome.

Chris Steyn (00:18.314)

Which five personality types did you focus on?

Vian (00:22.778)

So I essentially conducted my study using the Five Factor model and the Five Factor model includes personality types extraversion, openness, conscientiousness, agreeableness and also neurotism.

Chris Steyn (00:37.866)

How many people did you survey?

Vian (00:40.538)

Myself, I roughly had 700 responses.

Chris Steyn (00:48.138)

And what did your study show?

Vian (00:51.066)

Well, essentially my study, I wanted to study which personality types were more susceptible to social engineering attacks. And at the end of the study, my results showed that agreeableness at the highest social engineering susceptibility level and neurotism and openness at the lowest social engineering susceptibility level associated.

Chris Steyn (01:17.674)

So what character traits of people with agreeable personalities would make them easier targets for social engineering tactics?

Vian (01:25.978)

Well, when it comes to agreeable personality types, these are typically people that care more about the quality of relationship with people. They are also compassionate and cooperative towards other people rather than being suspicious and antagonistic. And I think it’s these character traits that make them more susceptible to social engineering attacks. And when social engineers exploit these type of attacks, typically these characteristics of the agreeable type that gets exploited and cause them to be a victim of a cyber attack.

Chris Steyn (04:12.65)

What about extroverts?

Vian (04:15.482)

Well, it was kind of fascinating for me that my results showed that extroverts had the second highest social engineering susceptibility. It was kind of interesting for me to see this because when you think of extroverts, according to the Five Factor model, these individuals, they seek social company, they are kind of outgoing and they exhibit social confidence in social settings. So you’re kind of expect them to also have a high social engineering susceptibility, but it was interesting for me to see that they had the second highest social engineering susceptibility and not necessarily the highest social engineering susceptibility, but research also shows that extroverts are typically people that would be more inclined to engage on social networks and things like that.

Chris Steyn (05:14.058)

Okay, I just want to go back to neurotics. Could you just recap for us why they have the lowest susceptibility to cyber criminals and their tactics?

Vian (05:27.994)

Yes, definitely. I think it’s mainly because the neurotic individuals, they are people that have a low self-esteem. They exhibit high levels of anxiety. They are kind of more, I want to say people that are generally more down in a way, people that have low levels of joy, low levels of excitement. I think it’s more individuals that are more inclined to pull back in certain scenarios rather than to express themselves fully so they won’t engage that much on social networks. They won’t engage that much when they’ve received maybe a text message that might be a phishing attack or maybe a phishing email. They are more inclined to withdraw rather than to express themselves fully. And I think it’s this character trait that also protects them from social engineering attacks.

Chris Steyn (06:26.218)

So how can organisations use your findings to enhance their cybersecurity measures?

Vian (06:32.73)

Yes, I definitely think that my results can benefit a lot of organisations in a way that they can use it to kind of determine which employees are more susceptible to social engineering attacks. And most organisations these days, or bigger organisations, they deal with a lot of data and information they have, their cybersecurity policies. And I think it’s definitely something that they can maybe consider integrating what would be the cybersecurity policy for different personality types. If we know there is a certain individual that might pose a bigger risk for information loss or information breaches, then I think it would be smart to have a stricter cybersecurity policy applied to such individuals, whereas individuals that might have a lower social engineering susceptibility level can have a lower or less strict cybersecurity policy applied to them at work.

Chris Steyn (07:39.722)

And what about individuals? How can they use your findings to better protect themselves from cyber criminals?

Vian (07:46.362)

I think my findings, it’s really nice for the everyday individual, I want to say as well, because it kind of, it’s not just applicable to employees that work at a company, but it’s also applicable to individuals that are maybe a stay-at-home Mom that’s on their phone when they have a short break or maybe on social media or things like that. And individuals can really use these results to kind of realise which personality type they fall under, but also at the end, see their social engineering susceptibility level and be aware that they are maybe more at risk or less at risk when it comes to these cyber attacks.

Chris Steyn (08:33.386)

Okay, so everybody needs to become more aware how their own psychological makeup can make them prey to cyber criminals. That’s essentially what you are encouraging.

Vian (08:40.442)


Vian (08:47.738)

Yes, that is essentially what I’m encouraging. I think people should also be aware that these cyber criminals are extremely clever. I think they really know the psychological way that humans are created and the psychological needs that we as humans have. And that’s why these cyber attacks are so, so effective because they really trigger those human psychological needs, needs that we have as humans. 

Whether we want to agree with it or not, we all have them in something that we all have in common. And cyber criminals, social engineering criminals, they really target these type of needs that we have as humans. So it’s very difficult to kind of dodge these attacks because in a way we all fall in the criteria of the individuals that they target.

Chris Steyn (09:42.922)

Quite!  Any last words of advice from you, Vian?

Vian (09:47.002)

I think it’s just these cyber attacks, they are so common these days. I mean, I think we can all agree that we’ve all received a message on our phone or an email in our inbox where we could hopefully, hopefully we could realise that, hey, that was a social engineering attack and hopefully we haven’t clicked on it. 

I think for me personally, the other day I ordered something online and then a few days later I got a SMS message saying that I need to change my location because the parcel has been delivered to the warehouse, and immediately I was a bit skeptical because I realised that why would this company do that? This is a very popular company, it’s a big name. They wouldn’t send me a personal message on my phone, they would probably email me and I would be able to verify that it’s the company’s email and there would maybe be a logo of the company in the email. And immediately I was very skeptical of the SMS and I just realised that these social engineering attacks they are extremely common these days and if you are not awake, if you are not aware you can really lose a lot of money or your personal information – and yes I think it just becomes a very messy and tragic story there.

Chris Steyn (11:11.082)

Indeed. Thank you. That was system analyst, Vian Smit, speaking to BizNews about the personality types that are most likely to be scammed by cyber criminals. Thank you, Vian. I am Chris Steyn.

Vian (11:22.842)

Thank you very much.

Read also:

Visited 897 times, 852 visit(s) today