The dark side of social networking sites: Understanding phishing risks. (July 2016)
- Record Type:
- Journal Article
- Title:
- The dark side of social networking sites: Understanding phishing risks. (July 2016)
- Main Title:
- The dark side of social networking sites: Understanding phishing risks
- Authors:
- Silic, Mario
- Back, Andrea
- Abstract:
- LinkedIn, with over 1.5 million Groups, has become a popular place for business employees to create private groups to exchange information and communicate. Recent research on social networking sites (SNSs) has widely explored the phenomenon and its positive effects on firms. However, social networking's negative effects on information security were not adequately addressed. Supported by the credibility, persuasion and motivation theories, we conducted 1) a field experiment, demonstrating how sensitive organizational data can be exploited, followed by 2) a qualitative study of employees engaged in SNSs activities; and 3) interviews with Chief Information Security Officers (CISOs). Our research has resulted in four main findings: 1) employees are easily deceived and susceptible to victimization on SNSs where contextual elements provide psychological triggers to attackers; 2) organizations lack mechanisms to control SNS online security threats, 3) companies need to strengthen their information security policies related to SNSs, where stronger employee identification and authentication is needed, and 4) SNSs have become important security holes where, with the use of social engineering techniques, malicious attacks are easily facilitated. Highlights: Organizations lack the mechanisms to control SNS phishing risks. Phishing effectiveness is facilitated by the influence technique of liking. SNSs are important security hole where the malicious attacks are greatly facilitated. Organizational IS security policies should be adapted to SNS realities. …
- Is Part Of:
- Computers in human behavior. Volume 60(2016)
- Journal:
- Computers in human behavior
- Issue:
- Volume 60(2016)
- Issue Display:
- Volume 60, Issue 2016 (2016)
- Year:
- 2016
- Volume:
- 60
- Issue:
- 2016
- Issue Sort Value:
- 2016-0060-2016-0000
- Page Start:
- 35
- Page End:
- 43
- Publication Date:
- 2016-07
- Subjects:
- Social networking sites -- Field experiment -- Deception -- Employee psychology
- Interactive computer systems -- Periodicals
- Man-machine systems -- Periodicals
- 004.019
- Journal URLs:
- http://www.sciencedirect.com/science/journal/07475632
- http://www.elsevier.com/journals
- DOI:
- 10.1016/j.chb.2016.02.050
- Languages:
- English
- ISSNs:
- 0747-5632
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.921600
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 2044.xml