Abstract Insider social engineering is emerging as a critical yet underexplored dimension of cybersecurity, while unintentional insider threats are still predominantly conceptualised as negligent or careless behaviour. A particularly overlooked vector is insider-induced reverse social engineering, where malicious insiders deliberately manufacture problems and manipulate unsuspecting colleagues into initiating contact, thereby establishing trust and enabling exploitation. This study reframes unintentional insiders as active conduits of insider social engineering and proposes integrative socio-technical defences. A systematic literature review of 39 peer-reviewed articles published between 2014 and 2025 was conducted using PRISMA guidelines. The review consolidates fragmented conceptualisations of unintentional insider threats, classifies vulnerabilities across psychological, organisational, and socio-technical domains, and synthesises existing mitigation strategies. The analysis identifies three enduring shortcomings: the absence of a coherent conceptualisation of unintentional insiders as enablers of social engineering, the weak integration of technical and socio-technical countermeasures, and the lack of frameworks addressing insider and reverse social engineering. To address these gaps, the study contributes a taxonomy of vulnerabilities and mechanisms underpinning insider and reverse social engineering, a problem–solution mapping that aligns vulnerabilities with technical, socio-technical, and hybrid mitigation strategies, and a multi-layered socio-technical framework that integrates anomaly detection with behavioural and procedural indicators. These contributions advance conceptual clarity, reposition unintentional insiders as critical enablers of social engineering, and provide actionable foundations for hybrid socio-technical defences.
Galadima et al. (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: