Information Systems Frontiers

, Volume 17, Issue 6, pp 1353–1367 | Cite as

Diffusion of deception in social media: Social contagion effects and its antecedents

Article

Abstract

What makes deceptive attacks on social media particularly virulent is the likelihood of a contagion effect, where a perpetrator takes advantage of the connections among people to deceive them. To examine this, the current study experimentally stimulates a phishing type attack, termed as farcing, on Facebook users. Farcing attacks occur in two stages: a first stage where phishers use a phony profile to friend victims, and a second stage, where phishers solicit personal information directly from victims. In the present study, close to one in five respondents fell victim to the first stage attack and one in ten fell victim to the second stage attack. Individuals fell victim to a level 1 attack because they relied primarily on the number of friends or the picture of the requester as a heuristic cue and made snap judgments. Victims also demonstrated a herd mentality, gravitating to a phisher whose page showed more connections. Such profiles caused an upward information cascade, where each victim attracted many more victims through a social contagion effect. Individuals receiving a level 2 information request on Facebook peripherally focused on the source of the request by using the sender’s picture in the message as a credibility cue.

Keywords

IT diffusion and adoption Social contagion Computer-mediated communication and collaboration Laboratory experiments Social media Online deception Phishing 

Supplementary material

10796_2014_9509_MOESM1_ESM.gif (63 kb)
ESM 1(GIF 62 kb)
10796_2014_9509_MOESM2_ESM.gif (15 kb)
ESM 2(GIF 14 kb)

References

  1. Aral, S., Muchnik, L., & Sundararajan, A. (2009). Distinguishing influence-based contagion from homophily-driven diffusion in dynamic networks. Proceedings of the National Academy of Sciences, 106(51), 21544–21549.CrossRefGoogle Scholar
  2. Arora, A., Telang, R., & Xu, H. (2005). Optimal policy for software vulnerability disclosure.Google Scholar
  3. Banerjee, A. V. (1992). A simple model of herd behavior. The Quarterly Journal of Economics, 107(3), 797–817.Google Scholar
  4. Bose, I., & Leung, A. C. M. (2007). Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of AIS, 19(1), 544–566.Google Scholar
  5. Brenner, J. (2012). Social networking. Pew Internet & American Life Project, November 13, 2012, http://pewinternet.org/Commentary/2012/March/Pew-Internet-Social-Networking-full-detail.aspx, accessed on November 28, 2012.
  6. Brios, D. P., George, J. F., & Zmund, R. W. (2002). Inducing sensitivity to deception in order to improve decision making performance: A field study. MIS Quarterly, 26, 119–144.CrossRefGoogle Scholar
  7. Chaiken, S. (1980). Heuristic versus systematic information processing and the use of source versus message cues in persuasion. Journal of Personality and Social Psychology, 39(5), 752.CrossRefGoogle Scholar
  8. Chaiken, S. (1987). The heuristic model of persuasion.Google Scholar
  9. Chaiken, S., & Eagly, A. H. (1989). Heuristic and systematic information processing within and. Unintended Thought, 212.Google Scholar
  10. Chaiken, S., & Trope, Y. (1999). Dual-process theories in social psychology. New York: Guilford Press.Google Scholar
  11. Chen, S., & Chaiken, S. (1999). The heuristic-systematic model in its broader context. Dual-Process Theories in Social Psychology, 73–96.Google Scholar
  12. Clogg, C. C., Petkova, E., & Haritou, A. (1995). Statistical methods for comparing regression coefficients between models. American Journal of Sociology, 1261–1293.Google Scholar
  13. Cohen, A. (1983). Comparing regression coefficients across subsamples. Sociological Methods & Research, 12(1), 77–94.CrossRefGoogle Scholar
  14. Cummings, J. N., Butler, B., & Kraut, R. (2002). The quality of online social relationships. Communications of the ACM, 45(7), 103–108.CrossRefGoogle Scholar
  15. Dholakia, U. M., Basuroy, S., & Soltysinski, K. (2002). Auction or agent (or both)? A study of moderators of the herding bias in digital auctions. International Journal of Research in Marketing, 19(2), 115–130.CrossRefGoogle Scholar
  16. Dvorak, J. C. (2011, January 19). LinkedIn account hacked, from http://www.pcmag.com/article2/0,2817,2375983,00.asp.
  17. Ellison, N. B., Steinfield, C., & Lampe, C. (2007). The benefits of Facebook “friends:” Social capital and college students’ use of online social network sites. Journal of Computer-Mediated Communication, 12(4), 1143–1168.CrossRefGoogle Scholar
  18. Fichman, R. G. (1992). Information technology diffusion: A review of empirical research.Google Scholar
  19. Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks.Google Scholar
  20. Hall, A. (2010). Top German firms ban Facebook and Twitter from workplace over industrial espionage fears. Mail Online. Google Scholar
  21. Herbeck, D., & Besecker, A. (2011). Hardworking teacher masked his sinster side, The Buffalo News. Google Scholar
  22. Ingram, M. (2010). Mary Meeker: Mobile Internet Will Soon Overtake Fixed Internet (Morgan Stanley Report), from http://gigaom.com/2010/04/12/mary-meeker-mobile-internet-will-soon-overtake-fixed-internet/.
  23. IBM X-Force Trend and Risk Report (2012)Google Scholar
  24. Jakobsson, M. (2007). The human factor in phishing. Privacy & Security of Consumer Information. Google Scholar
  25. Jakobsson, M., Tsow, A., Shah, A., Blevis, E., & Lim, Y.-K. (2007). What Instills Trust? A Qualitative Study of Phishing. Paper presented at the Usable Security (USEC’07), Lowlands, Scarborough, Trinidad/Tobago.Google Scholar
  26. Johnson, P. E., Grazioli, S., Jamal, K., & Berryman, G. (2001). Detecting deception: Adversarial problem solving in a Low base rate world. Cognitive Science, 25(3), 355–392.CrossRefGoogle Scholar
  27. Johnston, V. S., & Franklin, M. (1993). Is beauty in the eye of the beholder? Ethology and Sociobiology, 14(3), 183–199.CrossRefGoogle Scholar
  28. Koh, Y. J., & Sundar, S. S. (2010). Heuristic versus systematic processing of specialist versus generalist sources in online media. Human Communication Research, 36(2), 103–124.CrossRefGoogle Scholar
  29. Madden, M. (2010). Older adults and social media: Pew Internet & American Life Project.Google Scholar
  30. Miller, S. (2012). Sen. Grassley’s Twitter Account Hacked by SOPA Protesters, from http://abcnews.go.com/blogs/politics/2012/01/sen-grassleys-twitter-account-hacked-by-sopa-protesters/.
  31. Nairn, G. (2011). Your Wall Has Ears. The Wall Street Journal from http://online.wsj.com/article/SB10001424052970204226204576600531532461052.html.
  32. Opsahl, K. (2010). Facebook’s Eroding Privacy Policy: A Timeline from Electronic Frontier Foundation http://www.eff.org/deeplinks/2010/04/facebook-timeline.
  33. Payne, J. W., & Bettman, J. R. (2008). Walking with the scarecrow: The information-processing approach to decision research. In D. J. Koehler & N. Harvey (Eds.), Blackwell handbook of judgment and decision making (pp. 110–123). Malden: Blackwell Publishing Ltd.. doi:10.1002/9780470752937.ch6.Google Scholar
  34. Prince, B. (2009). Phishing attacks cost millions despite low success rate, from http://www.eweek.com/c/a/Security/Phishing-Attacks-Cost-Millions-Despite-Low-Success-Rate-879602/.
  35. Protalinski, E. (2012). Chinese spies used fake Facebook profile to friend NATO officials., from http://www.zdnet.com/blog/facebook/chinese-spies-used-fake-facebook-profile-to-friend-nato-officials/10389.
  36. Quinn, R. (2011). Fake soldiers scam Facebook users. Retrieved from http://www.newser.com/story/113000/fake-soldiers-scam-facebook-users.html.
  37. Ratneshwar, S., & Chaiken, S. (1991). Comprehension’s role in persuasion: The case of its moderating effect on the persuasive impact of source cues. Journal of Consumer Research, 52–62.Google Scholar
  38. Roche, J. L. (2011). Bank Of America Just Had The Ultimate Social Media Fail, from http://articles.businessinsider.com/2011-11-15/wall_street/30400487_1_google-bank-tarp.
  39. Rogers, E. M. (1995). Diffusion of innovations: Free Pr.Google Scholar
  40. Shiller, R. J. (1995). Conversation, information, and herd behavior. The American Economic Review, 85(2), 181–185.Google Scholar
  41. Simon, H. A. (1955). A behavioral model of rational choice. Quarterly Journal of Economics, 69, 99–118.CrossRefGoogle Scholar
  42. Smith, A. (2012). Nearly half of american adults are smartphone owners: Pew center & American life project.Google Scholar
  43. Stroebe, W., Insko, C. A., Thompson, V. D., & Layton, B. D. (1971). Effects of physical attractiveness, attitude similarity, and sex on various aspects of interpersonal attraction. Journal of Personality and Social Psychology, 18(1), 79.CrossRefGoogle Scholar
  44. Sundar, S. S. (2007). The MAIN model: A heuristic approach to understanding technology effects on credibility. The John D. and Catherine T. MacArthur foundation series on digital media and learning, 73–100.Google Scholar
  45. Sundar, S. S., Knobloch Westerwick, S., & Hastall, M. R. (2007). News cues: Information scent and cognitive heuristics. Journal of the American Society for Information Science and Technology, 58(3), 366–378.CrossRefGoogle Scholar
  46. Valente, T. W. (1996). Network models of the diffusion of innovations. Computational and Mathematical Organization Theory, 2(2), 163–164.CrossRefGoogle Scholar
  47. Verser, R., & Wicks, R. H. (2006). Managing voter impressions: The use of images on presidential candidate web sites during the 2000 campaign. Journal of Communication, 56(1), 178–197.CrossRefGoogle Scholar
  48. Vishwanath, A. (2003). Comparing online information effects. Communication Research, 30(6), 579–598.CrossRefGoogle Scholar
  49. Vishwanath, A., Herath, T., Chen, R., Wang, J., & Rao, H. R. (2011). Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decision Support Systems, 51(3), 576–586.CrossRefGoogle Scholar
  50. Wang, J., Chen, R., Herath, T., and Rao, H.R. . (2008). An Empirical Exploration Of The Design Pattern Of Phishing Attacks. In S. J. Upadhyaya, and H.R. Rao (Ed.), Annals of Emerging Research in Information Assurance, Security and Privacy Services: Elsevier.Google Scholar
  51. Washer, P. (2004). Representations of SARS in the British newspapers. Social Science & Medicine, 59(12), 2561–2571.CrossRefGoogle Scholar
  52. Winton, A. B. A. R. (2009, October 29). More celebrities targeted by alleged ‘bling ring’, Los Angeles Times. Retrieved from http://articles.latimes.com/2009/oct/29/local/me-celebrity-burglaries29.
  53. Wright, P. H. (1988). Interpreting research on gender differences in friendship: a case for moderation and a plea for caution. Journal of Social and Personal Relationships, 5(3), 367–373.Google Scholar
  54. Zuckerman, A., & Chaiken, S. (1998). A heuristic‐systematic processing analysis of the effectiveness of product warning labels. Psychology and Marketing, 15(7), 621–642.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Communication, Management Science & SystemsSUNY at BuffaloBuffaloUSA

Personalised recommendations