
An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook

  • Empirical Research
European Journal of Information Systems

Abstract

Research suggests that social engineering attacks pose a significant security risk, with social networking sites (SNSs) being the most common source of these attacks. Recent studies showed that social engineers could succeed even among those organizations that identify themselves as being aware of social engineering techniques. Although organizations recognize the serious risks of social engineering, there is little understanding and control of such threats. This may be partly due to the complexity of human behaviors in failing to recognize attackers in SNSs. Due to the vital role that impersonation plays in influencing users to fall victim to social engineering deception, this paper aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization on Facebook. In doing so, we identify source credibility dimensions in terms of social engineering on Facebook, Facebook-based source characteristics that influence users to judge an attacker as per these dimensions, and mediation effects that these dimensions play between Facebook-based source characteristics and susceptibility to social engineering victimization.



Author information


Correspondence to Yue Xu.

Additional information

Special Issue Editors: Paul Benjamin Lowry, Tamara Dinev, Robert Willison.

Appendices

Appendix A

See Table A1.

Table A1 Dimensions and item properties

Appendix B

See Figure B1.

Appendix C

See Tables C1, C2, C3 and C4.

Table C1 Mediation effect of perceived sincerity
Table C2 Mediation effect of perceived competence
Table C3 Mediation effect of perceived attraction
Table C4 Mediation effect of perceived worthiness


Cite this article

Algarni, A., Xu, Y. & Chan, T. An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook. Eur J Inf Syst 26, 661–687 (2017). https://doi.org/10.1057/s41303-017-0057-y
