Vulnerability to social engineering in social networks: a proposed user-centric framework

Social networking sites have billions of users who communicate and share their personal information every day. Social engineering is considered one of the biggest threats to information security nowadays. It is a technique attackers use to manipulate and deceive users in order to access or gain privileged information. Such attacks are continuously developed to deceive a high number of potential victims. The number of social engineering attacks has risen dramatically in the past few years, causing unpleasant damage to both organizations and individuals. Yet little research has discussed social engineering in the virtual environments of social networks. One approach to countering these exploits is research that aims to understand why people fall victim to such attacks. Previous social engineering and deception research has not satisfactorily identified the factors that influence users' ability to detect attacks. To address this issue, the characteristics that influence users' vulnerability must be investigated, helping to build a profile of vulnerable users so that increased training programs and education can be focused on those users. In this context, the present study proposes a user-centric framework to understand the user's susceptibility and its relevant factors and dimensions.
