Psycholinguistic Aspects of Humanitarian Component of Cybersecurity Психолінгвістичні аспекти гуманітарного компоненту кібербезпеки

Introduction. The paper focuses on language means exploited by social engineers in their activities in terms of humanitarian aspects of cybersecurity. The goal of this research is to analyze the methods and techniques employed by social engineers in their malicious activity and its features from a psycholinguistic point of view for further development of counteraction mechanisms. Methods. To obtain results we used the following methods: primary source analysis, analysis of spoken and written speech and speech products, and intent analysis. Results. The activity theory has been successfully applied to consider the key features of social engineers’ work. On the base of AT we presented a three-component model which we may consider only in the case of a social engineer’s successful attack (action). Based on the analysis of the sources, we distinguished the types of spoken and written communication actions (these types correspond to direct and indirect actions),


Introduction
Psycholinguistics and its methods contribute to solving problems related to a wide range of issues, including the analysis of the humanitarian aspects of cybersecurity and social engineering. As a technique in communication, social engineering involves human interaction, manipulation, and persuasion through either oral or written communication to succeed in aff ecting a person's behavior. However, examining social engineering is not as simple as it looks. Since spoken and written language samples are one of the few materials available for the study, thus, in our opinion, psycholinguistics off er an important means for identifying speech patterns of an individual engaged in a social engineering activity, the impact on the behavior and consciousness of the object of attack and developing counteraction mechanisms against complex social engineering strategies.
Social engineering is one of the biggest challenges facing cybersecurity as it exploits the natural human tendency to trust. The annual reports and documents of the world's leading organizations and many experienced security experts emphasize the given fact According to statistics, social engineering attacks are on the rise, accounting for 43% of data breaches (Actual cyber threats -2018. Trends and forecasts, https; UN Documents. Creation of a Global Culture of Cybersecurity: Resolution Adopted by the General Assembly, http). It evidences the importance of comprehensive consideration of this issue and confi rms the view that human factor still remains the weakest link of any security system (Yan et al., 2018).
The prevalence of social engineering methods can be explained by the fact that social engineers always take advantage of human emotions and psychology which are more vulnerable than protective technologies, so cyber criminals fi nd it much easier to ain access to private data through communication than by breaking down the security system. In this regard, understanding the psycholinguistic aspects of cybersecurity is the basis for protecting sensitive data and practicing cyber defense tactics, even if a person is not a cybersecurity specialist.
Human-based social engineering attacks are sophisticated and hard to detect, making their study necessary. The abovementioned is a key reason to consider the social engineering-related psycholinguistic aspects of cybersecurity, which can be applied to develop counteracting and data protecting mechanisms.
Currently, a great deal of research from pedagogy, psychology, and philology has covered cybersecurity in humanitarian contexts. At the same time, psycholinguistic aspects of cybersecurity have never been investigated before.
V.Y. Bykov, O.Y. Burov, N.P. Dementievska (2019), G. Li et al. (2019) address the pedagogical basis in the designing of cybersecurity educational courses suited to a broad target audience, since people are not trained to prevent cyberattacks.
In particular, (Bykov, Burov & Dementievska, 2019: 313-331) draw attention to the necessity of introducing cyber defense training into the e-learning environment. Since cybersecurity is a complex problem, the protection of sensitive data should include legal, technical, informational, organizational, and psychological measures.
G. Li et al. (2019) point out that the lack of cybersecurity awareness can lead to a cyberattack. The authors propose to introduce online courses to work at a number of training models aimed at developing competencies and skills to detect unauthorized access to closed systems.
J. Dawson and R. Thomson focus on the importance of cognitive abilities for the cybersecurity workforce. The authors believe that alongside technical and engineering skills cybersecurity experts need to develop social, communication skills that they can be constantly trained on (Dawson & Thomson, 2018).
Social psychologists R. Dreibelbis and J.Martin explain that the rapid changes in cyberspace require I-O psychology intervention from organizational psychology. They insist on including special tasks targeted at the development of sustainability and adaptability into the corporate personnel training system (Dreibelbis et al., 2018).
Contemporary researchers have made signifi cant eff orts to develop a holistic approach that could describe the human-factor risks in the cybersecurity system. Researchers examined cyberattackers' behavior and analyzed the motives behind insider threats and user profi les. The analysis data formed the basis for a scale that includes a set of characteristics and assessment tools, which can be used in the future to identify potential patterns of cybercrime behavior (King et al., 2018).
Since computer security is not just about technology and systems, but it is also about the people who use these systems, so scholars repeatedly highlight the extreme importance of human factors in cybersecurity systems (Quigley, 2015;Hadlington, 2017;Marble et al., 2015;Yan et al., 2018, and etc.).
Particularly, K. Quigley (scrutinizes communication problems between technical experts and laypersons, for instance, blame-shifting in case the system is being attacked. The survey demonstrates that professional communication has a number of disadvantages that are associated with over-and underestimation of the risks, which may aff ect the critical infrastructure (Quigley, 2015).
L. Hadlington brought into focus the correlation between employees' attitudes towards cybersecurity and risky online behaviors. He notes that Internet addiction and impulsivity are the indicators of an employee's tendency for risky behavior on the network that threatens the organization's cybersecurity (Hadlington, 2017).
J. Marble et al. (2015) analyze the role of cyberattack participants (attackers and defenders). The authors emphasize that the lack of awareness of cyberthreats by users and the complexity of the new cyber environment are the key reasons for successful cyberattacks. In this regard, they suppose that studying the psychology of users as potential targets of cyberattacks can help to create a safer cyber environment. Finally, the authors conclude that the human factor poses a threat not only to the individual but also to the nationwide security system in general. The complexity of the problem needs further research and development of cyberthreats counteraction mechanisms (Marble et al., 2015).
L. Ermakova's and Yu. Aidarov (2009) and work carries out a linguistic analysis of spam emails, which may help hackers to gain access to user's sensitive data. Paying special attention to their grammatical, lexical, and syntactic features, the authors, however, come to the conclusion that junk mail is more likely to be a channel to advertise obnoxious and intrusive services and goods. The conclusions made by the authors do not allow to systematize and identify linguistic patterns of junk mail and to take action against it. In addition, spam emails, unlike social engineers' activity, do not harm personal sensitive data. Unfortunately, the given study suggests a rather limited application, it contains little practical information on what steps users should undertake to protect themselves from receiving junk mails and does not consider other psycholinguistic aspects of the problem.
O. Vanyushicheva et al. (2011) cogitate about psychological peculiarities of user vulnerability as a potential object of socioengineering attack. The authors allude to the user's personal and social factors that aff ect the degree of his vulnerability. Moreover, the authors mention the correlation between the user's vulnerability and psychological profi le. Nevertheless, the given work focuses on the individual object of attack, while the psycholinguistic aspects of the social engineer's activity and his interaction with the object of attack have not been subject to research so far.
The ways in which individuals manipulate or infl uence other persons were considered by G. Grachev and I. Melnik (2002), R. Cialdini (2015), and others. These studies refer to the psychology of persuasion in general, paying no particular attention to the psychological and linguistic aspects of social engineering as a vital problem of cybersecurity.
M. Workman (2007) The SANS Institute that specializes in information security identifi es four social engineer attack vectors based on the following human psychological vulnerabilities: 1) careless attack vector, which exploits user's indiff erence to take corresponding defensive countermeasures; 2) comfort zone attack vector that is aimed at intruding the environment the user feels comfortable in; 3) helpful attack vector, which employs the user's natural desire to be in assistance; 4) fear attack vector that manipulates the user's fears (Lively & Charles, 2003). Though describing the main attack vectors, this study, unfortunately, does not analyze the means used by social engineers to infl uence the behavior of an object of attack.
From our perspective, discussing the phenomenon of social engineering is impossible without mentioning the global cybersecurity culture, which, according to Resolution adopted by the General Assembly, includes such components as (a) awareness; (b) responsibility; (c) response; (d) ethics; (e) democracy; (f) risk assessment; (g) security design and implementation; (h) security management; (i) reassessment (UN Documents. Creation of a Global Culture of Cybersecurity: Resolution Adopted by the General Assembly, http).
It is worth to note that existing research does not address the issues of social engineering, their psycholinguistic aspects, and the way these aspects can be used to create a common system of personal data protection.
Moreover, this problem has not been investigated in psycholinguistics as well: there are no studies trying to analyze or sort out the impact of spoken and written speech on the user's behavior and the mechanisms developed to counteract such impact.
Based on the abovementioned, we suppose that the formation of the cybersecurity culture associated with cyberattack counteraction mechanisms at the human-factor level should be considered by various fi elds of scientifi c study, including psycholinguistics. In this regard, psycholinguistics examines what words, phrases, and expressions social engineers exploit to infl uence and manipulate user's behavior and cognitive processes. The results obtained will be very useful for generating techniques to counter social engineering attacks.
In a two-stage design, we will analyze social engineers' activities in terms of using morphological, lexical, syntactical, etc. forms to intervene and infl uence the user's consciousness (the psycholinguistic aspect of the problem), then we will develop countermeasure mechanisms, based on the data obtained at the fi rst stage.
The paper manifests the results of the fi rst stage of the conducted study, i.e. the analysis of typical methods applied by social engineers in their work and scrutiny of how they use language to infl uence user's thought and action.
The goal of this paper is to analyze the methods and techniques employed by social engineers in their malicious activity and its features from a psycholinguistic point of view for further development of counteraction mechanisms.

Methods and Techniques of Research
In the study, we used the following research methods: primary source analysis, analysis of spoken and written speech and speech products, and intent analysis.
Considering the psycholinguistic aspects of social engineering, we emphasize that this type of cyberthreat is based on manipulations in the communication process and is widely used by attackers to infl uence the user's cognitive processes (critical thinking, logic, situation analysis, etc.) forcing him to perform their desired actions.
The distinctive feature of the social engineer's activity is the lack of face-to-face interaction with another person. Taking the abovementioned into account, we will interpret social engineer's activity as a subjectobject interaction in terms of Alexei Leontiev's (1975) classical activity theory and Lev Vygotsky's (2005) cultural-historical activity theory.
The practical applicability of the activity theory is the main reason for exercising it to analyze the social engineer's actions. Indeed, many fi elds of knowledge use the activity theory to analyze, determine problems and improve the work of particular branches. Despite the activity theory is mainly theoretical in domestic science, it has gained huge popularity in the practical studies of foreign scientists and has proven to be an eff ective tool for analyzing the activities of both individuals and organizations. For example, in the early 1990s, it was intensively used to create user-friendly interfaces to optimize and improve performance in computer-related industries (human-computer interaction). Yrjö Engeström, based on the cultural-historical activity theory, constructed the empirical activity triangle and summarized the principles to analyze the activity in an organization. Cultural-historical activity theory helps to understand the relationship between human and material, social and cultural environment (Cole, 1996;Cole & Engeström, 1993;Wertsch, 1993Wertsch, , 1994Engeström, 1999).
Hence, time-tested activity theory has proven to be an eff ective tool able to identify the general patterns of activity, tools, and ways of its implementation, as well as the motives, objectives, and means used to achieve the goal.
We describe social engineering through activities that involve the subject or the attacker (the social engineer himself), the object or the user (any person the social engineer communicates with), and the mediators. Since the social engineer's activity is as a subject-object interaction, mediators are represented by tools and/or signs (Vygotsky, 2005). Tools include computers, cell phones, USB fl ash drives, program software, etc., while signs are psychological factors, language, speech, concepts, and symbols (Carrol, 2003: 291-324). It should be noted that specifi ed subject-object interaction will be scrutinized through the prism of external factors (cultural, historical, mental, and social) and the environment.
Thus, this study is based on the activity theory and explanation of cultural mediators within the framework of Lev Vygotsky's culturalhistorical activity theory that serves as a methodological foundation for investigating the social engineer's activity. Our task is to identify and analyze the methods applied by social engineers in their work and to examine the speech and language tools used to manipulate and infl uence the user's consciousness and mental state (Vygotskyi, 2005).

Results and Discussions
The interaction between subject and object and various aspects of their behavior leads to the formation of an entire structure, so the survey of individual manifestations of activities and actions can be considered as just a single stage of a comprehensive study. The key motive of each social engineer's action is to divulge confi dential information, which can be successful or vice versa. The social engineer's attack is apparently a hierarchically organized triad including motive -specifi c actions and operations -fi nal result. The analysis of the products of oral and written speech allows to determine the main directions of communicative activity and to visualize the system picture, which contains linguistic, psychological, social, and cultural factors. Based on Alexei Leontiev's activity theory and clarifi cation of cultural mediators within the framework of Lev Vygotsky's cultural-historical activity theory (2005), we worked out a scheme depicting subject-object interaction during a successful social engineer's attack (Fig. 1).

Fig. 1. Interaction scheme of a successful social engineer's cyberattack S -subject, O -object, T -tools, SGN -signs
The subject (attacker) infl uences the object (user) using modern telecommunication technologies and either written or verbal means of language. According to the scheme, the subject's primary goal is to obtain the necessary data through communication to manipulate the object's behavior. The attacker usually develops certain communication strategies depending on the current situation, the user's individual characteristics (determined by analyzing his responses, reactions, and pauses), cultural, historical, mental, social factors, and the environment of his activity.
After scrutinizing a wide array of social engineering-related cases, it is possible to conclude that the subject's (attacker/social engineer) main actions performed to infl uence the object are connected with the use of oral and written products, apps, program software or USB fl ash drives.
Based on the type of communication involved, we divided the social engineer's main actions (attacks) into direct (oral) and indirect (written).

I. Actions through written speech (indirect attacks).
Indirect communication is related to provoking mechanical actions like opening a fi le, connecting an unknown USB fl ash drive to your computer, downloading program software or an application. Besides, the indirect attack includes a preliminary collection of data about the user and his environment. Indirect communication implies the selection of written language means able to induce the user to provide cybercriminals with access to «sensitive data» (private emails and messages, passwords, bank accounts, etc.).

II. Actions through spoken speech (direct attack).
Direct communication is the process of exchanging information through oral speech.
As for the social engineer's activity, oral or written text is a refl ection of the subject's activity structure, his objectives, motives, and the means used to achieve the goal. The techniques exploited to infl uence user's cognitive processes are based on the distinctive features of spoken and written speech, linguistic factors, object's psychological characteristics, and the environment he lives in, historical and cultural aspects of a certain society. By conducting a comprehensive analysis of primary sources and systematically examining the subjects' speech activity at diff erent communicative levels, we have singled out methods of social engineer's infl uence on the user's cognitive processes, involving direct and indirect actions: a) one of the principal methods is to aff ect the emotional and sensual sphere by creating texts or messages able to provoke a certain reaction and manipulate the object's consciousness. For instance, overlypositive or overly-angry post has an emotional eff ect on social network users being shared, commented, and liked. The given fact can be easily explained by psychology and physiology. The use of verbal constructs that elicit mental images and situations appeals to a person's emotionalaff ective sphere and blocks the rational zones of the cognitive-rational sphere. According to J.G. Nicholls, A.R. Martin, B.G. Wallace, and P.A. Fuchs, it is primarily connected with the major action of adrenaline and noradrenaline that being released prepare a person for «fi ght or fl ight» response in stress, vigorous or sudden action (Nicholls, Martin, Wallace & Fuchs, 2008). From the point of view of psychology, the social engineer's activity must fi rst and foremost have an impact on the emotional sphere. A.R. Damasio (2001), T.E. Nygren et al. (1996), and other researchers accentuate that the emotional and sensual sphere is an important chain that infl uences the result of the activity. When the social engineer and the user converse with each other, be it a direct or telephonic conversation, the communication process helps to reveal the user's distinctive psychological features and traits developed under the infl uence of cultural and historical peculiarities of the given society and organizational principles of an enterprise he works at; b) methods of infl uence aimed at creating situations that limit the user's critical perception by drawing his attention to details he might be interested in (for example, a «Salary»-scripted USB fl ash drive which obviously causes a desire to open it immediately); c) methods of infl uence that help to block the cognitive processes of rational and critical thinking. Such methods do not allow the user to analyze and critically evaluate events and fi nd solutions in a nonstandard situation (for instance, the urgency of the situation, authoritative sources of information to convince the recipient in something, etc.). In this case, social engineers select linguistic means able to cause anxiety and stress, to limit the time for deliberating over the situation, to create a sense of urgency or fear in victims; d) speech actions which contain positive incentives that have an interest to a user, like «promotion», «win», «positive impression», etc. Social engineers widely exploit lexical and stylistic devices to formulate a request, praise, encouragement, and so on. Such attacks are targeted at manipulating user's moral attitudes (the desire to assist, to be helpful).
Depending on the type of communication and the methods of infl uencing the user's cognitive process, we have categorized the general techniques applied by social engineers as follows: 1) techniques related to the use of spoken speech; 2) techniques related to the use of written speech; 3) techniques related to the use of USB fl ash drives, applications, and program software.
Techniques related to the use of verbal speech include actions that block the cognitive processes of rational and critical thinking and persuade the object to make wrong decisions, thereby providing access to his sensitive data (phishing, vishing, smishing, creating limited-time situations).
Techniques related to the use of written language aimed at forming lexical and conceptual structures able: -to provoke the subject to perform certain actions (for example, to open a fi le, to fi ll in a form containing personal data); -to block rational thinking zones (for instance, when the object is forced to focus on events that evoked a particular emotion, no matter positive or negative (joy of winning, worrying about a family member); -to infl uence the emotional and aff ective sphere (for example, phishing using SMS, threatening letters, virus warning emails, etc.).
Techniques related to the use of USB fl ash drives, applications, and program software exploit special words or phrases to make the user download the desired apps or program to his PC, for example, an antivirus update message or «Bonus» written on a «lost» USB fl ash drive, which defi nitely may arouse user's interest or curiosity.
The wide application of the abovementioned methods, actions, and techniques results in the leakage of personal data and confi dential («sensitive») information, downloading harmful, spyware or viral fi les (apps and programs) to a computer.

Conclusion
Therefore, cybersecurity cannot be viewed only as a set of security measures to preserve the confi dentiality of information, since it involves communication-related activities. In this regard, it is crucial to teach people to recognize and confront the techniques used by social engineers to get access to «sensitive» data and to improve their information security awareness.
In this paper, social engineering is considered as a negative socio-technological phenomenon, which poses a threat to the personal confi dential data of both individuals and corporations. Commonly, social engineering implies communication between the attacker (subject/social engineer) and the user (object of attacks) that invokes fear, urgency, anger or positive emotions, leading the user to reveal confi dential information, open a malicious fi le or click a malicious link.
We proved that social engineers widely employ oral and written texts or deep knowledge in psychology to infl uence and manipulate the user. Having analyzed the actions (attacks) and techniques used by social engineers, we singled out speech and language means able to aff ect the user's cognitive processes and alter his behavior. Depending on the type of communication, the principal actions (attacks) of social engineering can be divided into 1) direct (oral) and 2) indirect (written) ones. In addition, we came to the conclusion that common methods of infl uence exploited by social engineers are aimed at governing the consciousness of the object of attack and his emotional-aff ective sphere, as well as blocking the processes of rational and critical thinking, manipulating person's moral and ethical attitudes. Furthermore, resting on the type of communication and the methods of infl uencing the user's cognitive process, we systematized the general techniques applied by social engineers to the objects of their attacks, explaining the prevailing psychological and linguistic aspects of this impact.
The fi ndings will be used for developing social engineering defense mechanisms and counteracting strategies. In our viewpoint, the combination of critical thinking skills with Internet safety rules is an eff ective tool to reduce the risk of «sensitive data» leakage.
A better understanding of social engineering methods and actions is a powerful tool that can be used for developing cyberattacks countermeasures and increasing cybersecurity literacy.