An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook

Abstract

Research suggests that social engineering attacks pose a significant security risk, with social networking sites (SNSs) being the most common source of these attacks. Recent studies showed that social engineers could succeed even among those organizations that identify themselves as being aware of social engineering techniques. Although organizations recognize the serious risks of social engineering, there is little understanding and control of such threats. This may be partly due to the complexity of human behaviors in failing to recognize attackers in SNSs. Due to the vital role that impersonation plays in influencing users to fall victim to social engineering deception, this paper aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization on Facebook. In doing so, we identify source credibility dimensions in terms of social engineering on Facebook, Facebook-based source characteristics that influence users to judge an attacker as per these dimensions, and mediation effects that these dimensions play between Facebook-based source characteristics and susceptibility to social engineering victimization.