A Survey on Deceptive Phishing Attacks in Social Networking Environments

“…Before beginning, participants received one of three types of training: no training, training with text only, or training with text-and-image. We hypothesized that (1) shoppers who use Instagram more frequently would be less likely to recommend products in phishing ads compared to shoppers with less frequency of use, similar to what was found in email phishing attacks (Alseadoon et al, 2012); (2) shoppers would not be able to distinguish between phished and legitimate ads without training due to specified content in the ads for the user (Ali et al, 2020); (3) both forms of training would help users from falling victim to social media phishing attacks since these training techniques reduce susceptibility to phishing attacks in emails (Baki & Verma, 2022); and specifically, (4) training with text-and-image would be more effective than training with text only since cybersecurity training can be efficiently relayed through images and text in comparison to text (Kumaraguru et al, 2007).…”

“…As a result, email phishing attacks target a wider age range of victims when compared to social media phishing attacks, the latter of which mainly target younger victims (Frauenstein & Flowerday, 2020). In terms of content, email phishing attacks normally distribute similar fraudulent content, including phishing links, to large numbers of random email inboxes while social media phishing attacks provide more specified content to the target audience, filtering out victims with less interest in its content (Alkhalil et al, 2021; Ali et al, 2020). Including specified content for the target increases the success rate of the attack and enlarges its spread through reposting.…”

Phishing in Social Media: Investigating Training Techniques on Instagram Shop

“…Before beginning, participants received one of three types of training: no training, training with text only, or training with text-and-image. We hypothesized that (1) shoppers who use Instagram more frequently would be less likely to recommend products in phishing ads compared to shoppers with less frequency of use, similar to what was found in email phishing attacks (Alseadoon et al, 2012); (2) shoppers would not be able to distinguish between phished and legitimate ads without training due to specified content in the ads for the user (Ali et al, 2020); (3) both forms of training would help users from falling victim to social media phishing attacks since these training techniques reduce susceptibility to phishing attacks in emails (Baki & Verma, 2022); and specifically, (4) training with text-and-image would be more effective than training with text only since cybersecurity training can be efficiently relayed through images and text in comparison to text (Kumaraguru et al, 2007).…”

“…As a result, email phishing attacks target a wider age range of victims when compared to social media phishing attacks, the latter of which mainly target younger victims (Frauenstein & Flowerday, 2020). In terms of content, email phishing attacks normally distribute similar fraudulent content, including phishing links, to large numbers of random email inboxes while social media phishing attacks provide more specified content to the target audience, filtering out victims with less interest in its content (Alkhalil et al, 2021; Ali et al, 2020). Including specified content for the target increases the success rate of the attack and enlarges its spread through reposting.…”

Phishing in Social Media: Investigating Training Techniques on Instagram Shop

Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey