poster

Poster: Understanding User's Decision to Interact with Potential Phishing Posts on Facebook using a Vignette Study

Authors:

Sovantharith Seng,

Huzeyfe Kocabas,

Mahdi Nasrullah Al-Ameen,

Matthew WrightAuthors Info & Claims

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

Pages 2617 - 2619

https://doi.org/10.1145/3319535.3363270

Published: 06 November 2019 Publication History

Abstract

Facebook remains the largest social media platform on the Internet with over one billion active monthly users. A variety of personal and sensitive data is shared on the platform, which makes it a prime target for attackers. Increasingly, we see phishing attacks that take advantage of users' lack of security knowledge, deceiving victims by using fake or compromised accounts to share malicious posts. These attacks may slip undetected by the Facebook defense system, exposing users to potentially be phished or have their devices infected with drive-by downloads and malware. Only a few studies have been conducted to date to understand how users interact with attacks like this in Facebook. In our prior work, we conducted a study to address this challenge using a simulated interface and think-aloud protocol. In this study, we aim to make further progress in understanding the impact of different factors on users' clicking decision in social media through a vignette study that encourages participants to think about realistic scenarios that they might face.

References

[1]

Safwan Alam and Khalil El-Khatib. 2016. Phishing Susceptibility Detection Through Social Media Analytics. In Proceedings of the 9th International Conference on Security of Information and Networks (SIN '16). ACM, New York, NY, USA, 61--64. https://doi.org/10.1145/2947626.2947637

Digital Library

[2]

Yazan Boshmaf, Ildar Muslukhov, Konstantin Beznosov, and Matei Ripeanu. 2011. The Socialbot Network: When Bots Socialize for Fame and Money. In Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11). ACM, New York, NY, USA, 93--102. https://doi.org/10.1145/2076732.2076746

Digital Library

[3]

Rachna Dhamija, J. D. Tygar, and Marti Hearst. 2006. Why phishing works. In Proceedings of the 24th SIGCHI Conference on Human Factors in Computing Systems (CHI '06). ACM, Montreal, Quebec, Canada, 581--590. https://doi.org/10.1145/1124772.1124861

Digital Library

[4]

Susan Gonzalez. 2019. The Facebook phishing scam you should know about. https://www.thedenverchannel.com/news/national/the-facebook-phishing-scam-you-should-know-about

[5]

Tom N. Jagatic, Nathaniel A. Johnson, Markus Jakobsson, and Filippo Menczer. 2007. Social phishing. Communication of the ACM, Vol. 50, 10 (Oct. 2007), 94--100. https://doi.org/10.1145/1290958.1290968

Digital Library

[6]

Adam N. Joinson. 2008. Looking at, Looking Up or Keeping Up with People?: Motives and Use of Facebook. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 1027--1036. https://doi.org/10.1145/1357054.1357213

Digital Library

[7]

Cliff A.C. Lampe, Nicole Ellison, and Charles Steinfield. 2007. A Familiar Face(Book): Profile Elements As Signals in an Online Social Network. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '07). ACM, New York, NY, USA, 435--444. https://doi.org/10.1145/1240624.1240695

Digital Library

[8]

Ben Litton. 2017. Study Finds Social Media Phishing Scams To Be The Most Dangerous. https://www.excaltech.com/study-finds-social-media-phishing-scams-dangerous/

[9]

Phil Muncaster. 2017. Social Media Phishing Attacks Soar 500%. https://www.infosecurity-magazine.com/news/social-media-phishing-attacks-soar/

[10]

Lindsey O'Donnell. 2019. Ultra-Sneaky Phishing Scam Swipes Facebook Credentials. https://threatpost.com/sneaky-phishing-scam-facebook/141869/

[11]

Sameer Patil. 2012. Will You Be My Friend?: Responses to Friendship Requests from Strangers. In Proceedings of the 2012 iConference (iConference '12). ACM, New York, NY, USA, 634--635. https://doi.org/10.1145/2132176.2132318

Digital Library

[12]

Sovantharith Seng, Mahdi Nasrullah Al-Ameen, and Matthew Wright. 2018. Understanding users' decision of clicking on posts in Facebook with implications for phishing. In Workshop on Technology and Consumer Protection (ConPro 18). https://www.ieee-security.org/TC/SPW2018/ConPro/papers/seng-conpro18.pdf

[13]

Michail Tsikerdekis and Sherali Zeadally. 2014. Online deception in social media. Communication of the ACM, Vol. 57, 9 (Sept. 2014), 72--80. https://doi.org/10.1145/2629612

Digital Library

[14]

Verizon. 2019. Data Breach Investigations Report 2019. https://enterprise.verizon.com/resources/reports/dbir/

[15]

Arun Vishwanath. 2014. Habitual Facebook Use and its Impact on Getting Deceived on Social Media. Journal of Computer-Mediated Communication, Vol. 20, 1 (2014), 83--98. https://doi.org/10.1111/jcc4.12100

Cited By

Shrestha AFlood ASohrawardi SWright MAl-Ameen M(2024)A First Look into Targeted Clickbait and its Countermeasures: The Power of StorytellingProceedings of the CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642301(1-23)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642301
Al-Ameen MKocabas HNandy STamanna T(2021)“We, three brothers have always known everything of each other”: A Cross-cultural Study of Sharing Digital Devices and Online AccountsProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00672021:4(203-224)Online publication date: 23-Jul-2021
https://doi.org/10.2478/popets-2021-0067
Kocabas HNandy STamanna TAl-Ameen M(2021)Understanding User’s Behavior and Protection Strategy upon Losing, or Identifying Unauthorized Access to Online AccountHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_20(310-325)Online publication date: 3-Jul-2021
https://doi.org/10.1007/978-3-030-77392-2_20
Show More Cited By

Index Terms

Poster: Understanding User's Decision to Interact with Potential Phishing Posts on Facebook using a Vignette Study
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy
  2. Software and application security
    1. Social network security and privacy

Recommendations

The Janus face of Facebook: Positive and negative sides of social networking site use
Abstract
There is an increasing awareness that social networking site (SNS) use includes a socio-psychologically positive and a negative side. However, research remains largely silent on which side dominates in driving SNS use. To address this ...
Highlights
- We investigate the two sides of self-presentation and need to belong in SNSs.
- ...
Follow Me: Exploring the Effect of Personality and Stranger Connections on Instagram Use

Recent research suggests that the relationship between personality and Facebook use is mediated by the need for belonging and self-presentation. It is uncertain, however, whether these relationships also hold for other social networking sites SNSs, for ...
Voices that cannot be heard: Can shyness explain how we communicate on Facebook versus face-to-face?

Social networking sites have gained popularity among all populations, especially young adults. Personality traits were found to be predictive of how individuals use social media. Therefore, this study sought to examine the association between shyness ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

November 2019

2755 pages

ISBN:9781450367479

DOI:10.1145/3319535

General Chairs:
Lorenzo Cavallaro
King's College London, UK
,
Johannes Kinder
Bundeswehr University Munich, Germany
,
Program Chairs:
XiaoFeng Wang
Indiana University, USA
,
Jonathan Katz
George Mason University, USA

Copyright © 2019 Owner/Author.

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2019

Check for updates

Author Tags

Qualifiers

Poster

Conference

CCS '19

Sponsor:

SIGSAC

CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security

November 11 - 15, 2019

London, United Kingdom

Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
409
Total Downloads

Downloads (Last 12 months)36
Downloads (Last 6 weeks)2

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shrestha AFlood ASohrawardi SWright MAl-Ameen M(2024)A First Look into Targeted Clickbait and its Countermeasures: The Power of StorytellingProceedings of the CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642301(1-23)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642301
Al-Ameen MKocabas HNandy STamanna T(2021)“We, three brothers have always known everything of each other”: A Cross-cultural Study of Sharing Digital Devices and Online AccountsProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00672021:4(203-224)Online publication date: 23-Jul-2021
https://doi.org/10.2478/popets-2021-0067
Kocabas HNandy STamanna TAl-Ameen M(2021)Understanding User’s Behavior and Protection Strategy upon Losing, or Identifying Unauthorized Access to Online AccountHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_20(310-325)Online publication date: 3-Jul-2021
https://doi.org/10.1007/978-3-030-77392-2_20
Al-Ameen MTamanna TNandy SKocabas H(2021)Understanding User Behavior, Information Exposure, and Privacy Risks in Managing Old DevicesHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_18(281-296)Online publication date: 3-Jul-2021
https://doi.org/10.1007/978-3-030-77392-2_18

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents