Habitual Facebook users more likely to be caught in phishing scams

Washington, DC (September 17, 2014) – Receiving an email that claims you are the recipient of a large sum of money from an unknown deceased relative immediately raises a red flag. These email scams are often trashed or filtered through spam folders. But what about on social networks where there is no filter? Where people can learn about your personal life with a few clicks? A recent study published in the Journal of Computer-Mediated Communication by a researcher at the University at Buffalo – State University of New York found that people who habitually use Facebook were more susceptible to being victims of online scams.

Arun Vishwanath (Associate Professor of Communication, University at Buffalo – State University of New York) subjected 150 college students to real phishing attacks on Facebook. At the beginning of the semester students were asked to participate in an online survey on general technology use, buried among these questions were measures for their Facebook usage habits. Six weeks after the survey, the participants were located on Facebook and each student was sent a friend-request from a phony Facebook account. Two weeks later, an information-request was sent to them from that profile. This communication asked for the participants' student ID number, e-mail username, and date of birth.

Vishwanath found that Facebook users in the sample who had large social networks, used Facebook more frequently than their peers, and those who were unable to control their impulsive use of the platform were were much more likely to inadvertently accept the friend-request and hand over their personal information when phished. Facebook by design promotes repeated interaction with its platform. It makes users keep posting updates and checking-in on other people's feeds, and in many ways fosters habit formation. The findings of the study reveal that people who tend to engage in too much of such Facebook use, when coupled with an inability to regulate their behavior, are particularly vulnerable to social media phishing.

Social media phishing is the attack mode of choice among cyber criminals and has been implicated in crimes ranging from home invasion to cyber bullying, illegal impersonation, and espionage. This is the first to subject Facebook users to a real social media phishing attack and assess how individual Facebook use-patterns and habits influence their deception-likelihood.

"Habitual Facebook use is an understudied issue and as such there are no interventions aimed at correcting it. We need to develop techniques to identify individuals who posses this problem early on, and we now know its behavioral and personality markers," said Vishwanath. "We need to next develop remedial interventions that target such individuals and help them develop better cyber-hygiene. This would not only help them but it will also protect all of us from phishing attacks, since the Pew Center has estimated that the average Facebook user can reach anywhere from 70,000-150,000 other people through their friends networks."

Source: International Communication Association