Paper ID
2464
Paper Type
short
Description
Because they appear to come from an in-network individual, socially engineered spear-phishing (SESP) attacks are highly successful and prevalent, especially given the vast amount of social information exposed on online social networks (OSN). However, SESP is scarcely researched. Existing studies often focus on simple phishing messages and ignore the role of ostensible senders in users’ vulnerability to phishing attacks, and so cannot explain or predict which SESP messages users are especially vulnerable to. Against this backdrop, we draw from social network analysis to explain users’ vulnerability to SESP attacks. We suggest that users’ vulnerability depends on their relationship to the ostensible sender and on the extent to which the message content is consistent with expectations formed by previous communication exchanges. This study contributes to the phishing literature by providing a novel conceptualization of sender characteristics and message content, adding theoretical nuance to the problem that aids the development of preventive measures such as training and OSN policies.
Recommended Citation
Wei, Jia and Schuetz, Sebastian, "A Social Network Analysis Perspective on Users’ Vulnerability to Socially Engineered Phishing Attacks" (2019). ICIS 2019 Proceedings. 37.
https://aisel.aisnet.org/icis2019/cyber_security_privacy_ethics_IS/cyber_security_privacy/37
A Social Network Analysis Perspective on Users’ Vulnerability to Socially Engineered Phishing Attacks