The article “Harnessing Large Language Models to Simulate Realistic Human Responses to Social Engineering Attacks: A Case Study” by Asfour and Murillo (2023) addresses a crucial issue in cybersecurity: how human behavior influences vulnerability to social engineering attacks, such as phishing emails (Asfour & Murillo, 2023). It combines advanced technology with everyday human behaviors. The primary research question is: How do simulated human behaviors, influenced by the Big Five personality traits (openness, conscientiousness, extraversion, agreeableness, and neuroticism), respond to social engineering attacks? The authors suggest that specific personality traits, such as high agreeableness or low conscientiousness, make people more susceptible to these attacks because they are more likely to trust manipulative tactics. In this case, the independent variable is the Big Five personality traits, and the dependent variable is the simulated response to the attack, measured by actions like opening emails or sharing information.
This topic is closely related to social science concepts, particularly those from psychology and sociology. Psychologically, it uses trait theory to explain individual differences in risk-taking, showing how personality influences decision-making under uncertainty. Sociologically, it illustrates social norms by demonstrating how cybercrimes exploit shared norms of trust and shared information in digital interactions, ideas we have studied in class that emphasize cybersecurity as not just a tech issue, but a human one rooted in common behavior.
The authors used large language models (LLMs), such as OpenAI’s GPT-4, to generate realistic human responses in their research. “Their approach to obtain those findings through expert interviews and individual tests was manual, time-consuming, and lacked standardization of the victims’ conditions and attack techniques” (Asfour & Murillo, 2023). They implemented real-life phishing attempts. “The prompt was designed to mimic a real-world phishing email, posing as an authentic security alert from Apple, requesting the recipient to verify their identity by replying with their current password. It is important to note that the email used in this study was extracted from a real-world phishing attack, and it includes original spelling and formatting” (Asfour & Murillo, 2023).
Social engineering attacks target individuals with little to no understanding of the dangers of the internet, such as older adults. This article examines how human behavior and personality traits influence vulnerability to social engineering attacks, particularly in the context of cybersecurity.
The study’s primary research question is: How do simulated human behaviors, influenced by the Big Five personality traits (openness, conscientiousness, extraversion, agreeableness, and neuroticism), respond to social engineering attacks? The authors hypothesize that certain personality traits, such as high agreeableness and low conscientiousness, may increase the likelihood that individuals will fall for phishing attacks. The independent variable (IV) is the Big Five personality traits, and the dependent variable (DV) is the response to the social engineering attack.
For their research methods, the authors developed a realistic approach, using large language models (LLMs) such as OpenAI’s GPT-4 to generate realistic human responses to phishing attacks. This approach allowed researchers to create controlled scenarios that mimic real-world social engineering attempts.
Concepts from the PowerPoint on human factors are closely related to the article’s findings, particularly in the areas of technology and psychology, where we discussed victimization and the behaviors of victims that result from their victimization. The topic also highlights the challenges marginalized groups face in digital security. Designing cybersecurity defenses to address the specific needs of users with limited computer knowledge is essential to reducing their risk and developing better tools to spot and identify theft and financial exploitation.
Overall, the contributions of this study to society are significant. This research validates the use of LLMs for understanding human behavior, recognizing how phishing attacks succeed, and enabling proactive defense in a world where cyberattacks and social engineering have become increasingly common.
In conclusion, Asfour and Murillo’s research gives a clearer understanding of cybercrime through innovative methods. They also advance the role of social sciences in promoting digital safety and literacy. Guidelines need to be established to protect everyone. Having a better understanding of human factors and how they impact each attack can lead to more in-depth preventive measures.
References
Asfour, M., & Murillo, J. C. (2023). Harnessing large language models to simulate realistic human responses to social engineering attacks: A case study. International Journal of Cybersecurity Intelligence & Cybercrime, 6(2), 41-60. https://vc.bridgew.edu/ijcic/vol6/iss2/3/