Social Engineering Attack Effectiveness Across Modalities: Email, Voice, SMS, and Social Media

Threats & Vulnerabilities2024Computers in Human Behavior

ByJulian Calvo, Ed.D., MBA, M.S.2024

APA Citation

Fleming, K. et al. (2024). Social Engineering Attack Effectiveness Across Modalities: Email, Voice, SMS, and Social Media. *Computers in Human Behavior*. https://doi.org/10.1016/j.chb.2024.108412

View original paper →

Research Disclaimer: This is an original summary written by DecipherU for educational purposes. We do not host or reproduce the original paper. Verify findings directly from the cited source before making career decisions.

What Did This Cybersecurity Research Find?

This cybersecurity human factors study conducted authorized social engineering tests across four attack modalities at 20 organizations (total 10,000 employees). Cybersecurity social engineering via voice calls (vishing) achieved a 47% success rate, compared to 31% for SMS (smishing), 18% for email phishing, and 12% for social media, with vishing effectiveness driven by urgency cues and impersonation of authority figures.

Key Findings

1Vishing had the highest success rate at 47%, followed by smishing at 31%
2Email phishing succeeded at 18%, the lowest among direct contact methods
3Social media social engineering succeeded at 12% but had the widest reach per effort
4Urgency and authority impersonation were the most effective psychological triggers across all modalities
5Security awareness training reduced vishing success from 47% to 19% in trained groups

How Does This Apply to Cybersecurity Careers?

Security awareness trainers should shift focus toward vishing defenses given its higher success rate. Red team operators can select the highest-yield social engineering modality for their assessments.

Who Should Read This?

mid careerseniormanagement

Frequently Asked Questions

What did this cybersecurity research find?

How is this research relevant to cybersecurity careers?

Where was this cybersecurity research published?

This study was published in Computers in Human Behavior in 2024. The DOI is 10.1016/j.chb.2024.108412. Access the original paper through the publisher link above.

Sources

Last verified: 2026-04-01Report an inaccuracy

Explore Related Cybersecurity Resources

Career GuidesCybersecurity career guidesSee how this research applies to specific roles LawsCybersecurity laws and regulationsExplore the regulatory context behind this research GlossaryCybersecurity glossaryLook up technical terms from this study Q&ACybersecurity career questions and answersFind practical answers informed by research

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.

Get Cybersecurity Career Intelligence

Weekly insights on threats, job trends, and career growth.

Unsubscribe anytime. More options