Abstract:
Social engineering is deeply entrenched in the fields of both computer science and social
psychology. Knowledge is required in both these disciplines to perform social engineering
based research. Several ethical concerns and requirements need to be taken into account
when social engineering research is conducted to ensure that harm does not befall those
who participate in such research. These concerns and requirements have not yet been
formalised and most researchers are unaware of the ethical concerns involved in social engineering
research. This paper identifies a number of concerns regarding social engineering
in public communication, penetration testing and social engineering research. It also discusses
the identified concerns with regard to three different normative ethics approaches
(virtue ethics, utilitarianism and deontology) and provides their corresponding ethical perspectives
as well as practical examples of where these formalised ethical concerns for social
engineering research can be beneficial.