Vulnerability to social engineering in social networks: a proposed user-centric framework

Abstract

Social networking sites have billions of users who communicate and share their personal information every day. Social engineering is considered one of the biggest threats to information security nowadays. Social engineering is an attacker technique to manipulate and deceive users in order to access or gain privileged information. Such attacks are continuously developed to deceive a high number of potential victims. The number of social engineering attacks has risen dramatically in the past few years, causing unpleasant damage both to organizations and individuals. Yet little research has discussed social engineering in the virtual environments of social networks. One approach to counter these exploits is through research that aims to understand why people fall victim to such attacks. Previous social engineering and deception research have not satisfactory identified the factors that influence the users' ability to detect attacks. Characteristics that influence users' vulnerability must be investigated to address this issue and help to build a profile for vulnerable users in order to focus on increasing the training programs and education for those users. In this context, the present study proposes a user-centric framework to understand the user's susceptibility, relevant factors and dimensions.