Abdullah Algarni

Social engineering in social networking sites : phase-based and source-based models

Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.

An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook

Research suggests that social engineering attacks pose a significant security risk, with social networking sites (SNSs) being the most common source of these attacks. Recent studies showed that social engineers could succeed even among those organizations that identify themselves as being aware of social engineering techniques. Although organizations recognize the serious risks of social engineering, there is little understanding and control of such threats. This may be partly due to the complexity of human behaviors in failing to recognize attackers in SNSs. Due to the vital role that impersonation plays in influencing users to fall victim to social engineering deception, this paper aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization on Facebook. In doing so, we identify source credibility dimensions in terms of social engineering on Facebook, Facebook-based source characteristics that influence users to judge an attacker as per these dimensions, and mediation effects that these dimensions play between Facebook-based source characteristics and susceptibility to social engineering victimization.

Measuring Source Credibility of Social Engineering Attackers on Facebook

Past research has suggested that social networking sites are the most common source for social engineering-based attacks. Persuasion research shows that people are more likely to obey and accept a message when the sources presentation appears to be credible. However, many factors can impact the perceived credibility of a source, depending on its type and the characteristics of the environment. Our previous research showed that there are four dimensions of source credibility in terms of social engineering on Facebook: perceived sincerity, perceived competence, perceived attraction, and perceived worthiness. Because the dimensionalities of source credibility as well as their measurement scales can fluctuate from one type of source to another and from one type of context to another, our aim in this study includes validating the existence of those four dimensions toward the credibility of social engineering attackers on Facebook and developing a valid measurement scale for every dimension of them.