Paper ID

2464

Paper Type

short

Description

Socially engineered spear-phishing (SESP) attacks, in which the attacker poses as an in-network individual, are highly successful and prevalent, especially given the vast availability of social information exposed on online social networks (OSN). However, SESP is scarcely researched. Existing studies often focus on simple phishing messages and ignore the role of ostensible senders in users’ vulnerability to phishing attacks, so they cannot explain or predict which SESP messages users are especially vulnerable to. Against this backdrop, we draw from social network analysis to explain users’ vulnerability to SESP attacks. We suggest that users’ vulnerability depends on their relationship to the ostensible sender and on the extent to which the message content is consistent with expectations formed by previous communication exchanges. This study contributes to the phishing literature by providing a novel conceptualization of sender characteristics and message content, adding theoretical nuance to the problem that aids the development of preventive measures such as training and OSN policies.


A Social Network Analysis Perspective on Users’ Vulnerability to Socially Engineered Phishing Attacks
