Social engineering and phishing: A semiotic perspective

Abstract

This paper examines social engineering and phishing through the analytical lens of semiotics, with the purpose of uncovering how deceptive digital messages manipulate signs and symbols to influence perception and behavior. The primary goal is to provide a deeper understanding of the communicative techniques that underlie phishing attacks by analyzing how attackers mimic trusted entities, exploit cognitive shortcuts, and manipulate emotional and contextual cues. Using qualitative semiotic analysis, the paper dissects real-world phishing examples—such as fraudulent emails, fake login pages, and spoofed interfaces—to identify the semiotic mechanisms at play. The study is organized around three thematic areas: the construction of deceptive signs and symbols, exploitation of perceptual shortcuts and imitation of interface iconography. By situating phishing within a semiotic framework, the paper aims not only to expose the techniques used by malicious actors but also to suggest strategies for what can be termed “defensive semiotics”—design and educational approaches that enhance users’ critical interpretation of digital signs. In doing so, this research contributes to a more nuanced understanding of digital deception and the symbolic construction of trust online.