Bang of Social Engineering in Social Networking Sites

Social networking sites have deeply changed the perception of the web in the last years. Although the current approach to build social networking systems is to create huge centralized systems owned by a single company, such strategy has many drawbacks, e.g., lack of privacy, lack of anonymity, risks of censorship and operating costs. These issues contrast with some of the main requirements of information systems, including: (i) confidentiality, i.e., the interactions between a user and the system must remain private unless explicitly public; (ii) integrity; (iii) accountability; (iv) availability; (v) identity and anonymity. Moreover, social networking platforms are vulnerable to many kind of attacks: (i) masquerading, which occurs when a user disguises his identity and pretends to be another user; (ii) unauthorized access; (iii) denial of service; (iv) repudiation, which occurs when a user participates in an activity and later claims he did not; (v) eavesdropping; (vi) alteration of data; (vii) copy and replay attacks; and, in general, (viii) attacks making use of social engineering techniques. In order to overcome both the intrinsic defects of centralized systems and the general vulnerabilities of social networking platforms, many different approaches have been proposed, both as federated (i.e., consisting of multiple entities cooperating to provide the service, but usually distinct from users) or peer-to-peer systems (with users directly cooperating to provide the service); in this work the most interesting ones were reviewed. Eventually, the authors present their own approach to create a solid distributed social networking platform consisting in a novel peer-to-peer system that leverages existing, widespread and stable technologies such as distributed hash tables and BitTorrent. The topics considered in detail are: (i) anonymity and resilience to censorship; (ii) authenticatable contents; (iii) semantic interoperability using activity streams and weak semantic data formats for contacts and profiles; and (iv) data availability.

Download Full-text

Social Engineering in Social Networking Sites: Phase-Based and Source-Based Models

International Journal of e-Education e-Business e-Management and e-Learning ◽

10.7763/ijeeee.2013.v3.278 ◽

2013 ◽

Cited By ~ 7

Author(s):

Abdullah Algarni

Keyword(s):

Social Networking ◽

Social Networking Sites ◽

Social Engineering

Download Full-text

Social Engineering Using Social Networking Sites

Encyclopedia of Criminal Activities and the Deep Web ◽

10.4018/978-1-5225-9715-5.ch054 ◽

2020 ◽

pp. 810-822

Author(s):

Roberto Marmo

Keyword(s):

Social Networking ◽

Social Networking Sites ◽

Personal Information ◽

Social Engineering ◽

Cyber Attacks ◽

Social Networking Site ◽

Social Environments ◽

Online Platform ◽

Security Industry ◽

Industry Survey

Social engineering is a process that cyber criminals use to psychologically manipulate an unsuspecting person into divulging sensitive details. Social engineering is an extremely powerful tool that can be deployed to exploit the human's element of security and inherently psychological manipulation. According to a security industry survey, social engineering tops the list of the 10 most popular hacking methods. The first step in any social engineering attack is to collect information about the attacker's target. A social networking site is an online platform that allows users to create a public profile and interact with other users on the website. They are also a hotbed for social engineering cyber attacks to personal information; they are a relevant source of wealth of personal and organisational information that can be found within these social environments. This article defines social engineering and some techniques of social engineering attacks based on social networking sites, drawbacks on a users' privacy, and arising implications.

Download Full-text

An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook

European Journal of Information Systems ◽

10.1057/s41303-017-0057-y ◽

2017 ◽

Vol 26 (6) ◽

pp. 661-687 ◽

Cited By ~ 11

Author(s):

Abdullah Algarni ◽

Yue Xu ◽

Taizan Chan

Keyword(s):

Empirical Study ◽

Social Networking ◽

Social Networking Sites ◽

Social Engineering

Download Full-text

Towards Automating Social Engineering Using Social Networking Sites

2009 International Conference on Computational Science and Engineering ◽

10.1109/cse.2009.205 ◽

2009 ◽

Cited By ~ 35

Author(s):

Markus Huber ◽

Stewart Kowalski ◽

Marcus Nohlberg ◽

Simon Tjoa

Keyword(s):

Social Networking ◽

Social Networking Sites ◽

Social Engineering

Download Full-text

A personality-based behavioural model: Susceptibility to phishing on social networking sites

10.21504/10962/190306 ◽

2021 ◽

Author(s):

◽

Edwin Donald Frauenstein

Keyword(s):

Information Processing ◽

Social Norms ◽

Social Networking ◽

Personality Traits ◽

Social Networking Sites ◽

Self Efficacy ◽

Social Engineering ◽

Primary Data ◽

Phishing Attacks ◽

Computer Self Efficacy

The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioral tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a “habitual” level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim to identify users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility. The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks.

Download Full-text