Social engineering in social networking sites : how good becomes evil

Algarni, Abdullah, Xu, Yue, Chan, Taizan, & Tian, Yu-Chu (2014) Social engineering in social networking sites : how good becomes evil. In Proceedings of The 18th Pacific Asia Conference on Information Systems (PACIS 2014), The Association for Information Systems (AIS), Chengdu, China.

View at publisher (open access)


Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.

Impact and interest:

2 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

456 since deposited on 06 Jul 2014
118 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 73379
Item Type: Conference Paper
Refereed: Yes
Additional URLs:
Keywords: social engineering, social networking sites, deception, privacy, trust, information security management, social media
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000)
Australian and New Zealand Standard Research Classification > TECHNOLOGY (100000)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Past > Schools > Information Systems
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2014 The Authors
Deposited On: 06 Jul 2014 22:48
Last Modified: 22 Jul 2014 18:32

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page