Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Stivala, Giada; Pellegrino, Giancarlo

doi:10.14722/ndss.2020.24252

Cited by 8 publications

(3 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work falls within the scope of the latter, so this section will provide an overview of research in this area, focusing on the mobile context. However, it is interesting to note that MIM apps do not provide any automated means for detecting and blocking links [5].…”

Section: Literature Reviewmentioning

confidence: 99%

“…This is not surprising considering the popularity of these apps, with recent data showing that 3.09B mobile phone users communicated using these apps in 2021 [4]. The lack of countermeasures to protect MIM app users from phishing [5] and functions like sharing and forwarding links, creating and joining private and public groups advertised online actually facilitate phishing. The small screen size of mobile devices and the fact that users are likely to check messages while engaged in other activities may also affect users' ability to assess message validity and spot phishing thus increasing their susceptibility.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links

Ahmad

Terzis

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

In recent years, users of Mobile Instant Messaging (MIM) apps like WhatsApp and Telegram are being targeted by phishing attacks. While user susceptibility to phishing in other media is well studied, the literature currently lacks studies on phishing susceptibility in MIM apps. This paper presents a study that offers the first insights into the susceptibility of users of MIM apps to phishing by investigating their behaviour towards shared links. Using an online survey, we collected data from 111 users of MIM apps and found that participants frequently click and forward links during instant messaging, while factors such as the user's relationship with the sender and the group context of the communication influence these behaviours. The results show that behaviours of most users towards shared links try to reduce their risk to phishing by trusting their friends, family and colleagues to protect them. This raises some interesting questions for further research on the effectiveness and reliability of their strategy.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links

Ahmad

Terzis

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

show abstract

“…Orthogonally to spam and account hijacking, researchers have also investigated the security side-effects of allowing users to change their usernames on popular social network platforms [34] as well as whether attackers can confuse users about the nature of posted URLs via web cloaking [40].…”

Section: Related Workmentioning

confidence: 99%

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Kaleli¹,

Kondracki²,

Egele³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

To make their services more user friendly, online social media platforms automatically identify text that corresponds to URLs and render it as clickable links. In this paper, we show that the techniques used by such services to recognize URLs are often too permissive and can result in unintended URLs being displayed in social network messages. Among others, we show that popular platforms (such as Twitter) will render text as a clickable URL if a user forgets a space after a full stop at the end of a sentence, and the first word of the next sentence happens to be a valid Top Level Domain. Attackers can take advantage of these unintended URLs by registering the corresponding domains and exposing millions of Twitter users to arbitrary malicious content. To characterize the threat that unintended URLs pose to social media users, we perform a large-scale study of unintended URLs in tweets over a period of 7 months. By designing a classifier capable of differentiating between intended and unintended URLs posted in tweets, we find more than 26K unintended URLs posted by accounts with tens of millions of followers. As part of our study, we also register 45 unintended domains and quantify the traffic that attackers can get by merely registering the right domains at the right time. Finally, due to the severity of our findings, we propose a lightweight browser extension which can, on the fly, analyze the tweets that users compose and alert them of potentially unintended URLs and raise a warning, allowing users to fix their mistake before the tweet is posted.

show abstract

Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures

Ahmad

Terzis

Renaud

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

Cited by 8 publications

References 21 publications

Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links

Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links

To Err.Is Human: Characterizing the Threat of Unintended URLs in Social Media

Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures

Contact Info

Product

Resources

About