Diffusion of deception in social media: Social contagion effects and its antecedents
What makes deceptive attacks on social media particularly virulent is the likelihood of a contagion effect, where a perpetrator takes advantage of the connections among people to deceive them. To examine this, the current study experimentally stimulates a phishing type attack, termed as farcing, on Facebook users. Farcing attacks occur in two stages: a first stage where phishers use a phony profile to friend victims, and a second stage, where phishers solicit personal information directly from victims. In the present study, close to one in five respondents fell victim to the first stage attack and one in ten fell victim to the second stage attack. Individuals fell victim to a level 1 attack because they relied primarily on the number of friends or the picture of the requester as a heuristic cue and made snap judgments. Victims also demonstrated a herd mentality, gravitating to a phisher whose page showed more connections. Such profiles caused an upward information cascade, where each victim attracted many more victims through a social contagion effect. Individuals receiving a level 2 information request on Facebook peripherally focused on the source of the request by using the sender’s picture in the message as a credibility cue.
KeywordsIT diffusion and adoption Social contagion Computer-mediated communication and collaboration Laboratory experiments Social media Online deception Phishing
- Arora, A., Telang, R., & Xu, H. (2005). Optimal policy for software vulnerability disclosure.Google Scholar
- Banerjee, A. V. (1992). A simple model of herd behavior. The Quarterly Journal of Economics, 107(3), 797–817.Google Scholar
- Bose, I., & Leung, A. C. M. (2007). Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of AIS, 19(1), 544–566.Google Scholar
- Brenner, J. (2012). Social networking. Pew Internet & American Life Project, November 13, 2012, http://pewinternet.org/Commentary/2012/March/Pew-Internet-Social-Networking-full-detail.aspx, accessed on November 28, 2012.
- Chaiken, S. (1987). The heuristic model of persuasion.Google Scholar
- Chaiken, S., & Eagly, A. H. (1989). Heuristic and systematic information processing within and. Unintended Thought, 212.Google Scholar
- Chaiken, S., & Trope, Y. (1999). Dual-process theories in social psychology. New York: Guilford Press.Google Scholar
- Chen, S., & Chaiken, S. (1999). The heuristic-systematic model in its broader context. Dual-Process Theories in Social Psychology, 73–96.Google Scholar
- Clogg, C. C., Petkova, E., & Haritou, A. (1995). Statistical methods for comparing regression coefficients between models. American Journal of Sociology, 1261–1293.Google Scholar
- Dvorak, J. C. (2011, January 19). LinkedIn account hacked, from http://www.pcmag.com/article2/0,2817,2375983,00.asp.
- Fichman, R. G. (1992). Information technology diffusion: A review of empirical research.Google Scholar
- Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks.Google Scholar
- Hall, A. (2010). Top German firms ban Facebook and Twitter from workplace over industrial espionage fears. Mail Online. Google Scholar
- Herbeck, D., & Besecker, A. (2011). Hardworking teacher masked his sinster side, The Buffalo News. Google Scholar
- Ingram, M. (2010). Mary Meeker: Mobile Internet Will Soon Overtake Fixed Internet (Morgan Stanley Report), from http://gigaom.com/2010/04/12/mary-meeker-mobile-internet-will-soon-overtake-fixed-internet/.
- IBM X-Force Trend and Risk Report (2012)Google Scholar
- Jakobsson, M. (2007). The human factor in phishing. Privacy & Security of Consumer Information. Google Scholar
- Jakobsson, M., Tsow, A., Shah, A., Blevis, E., & Lim, Y.-K. (2007). What Instills Trust? A Qualitative Study of Phishing. Paper presented at the Usable Security (USEC’07), Lowlands, Scarborough, Trinidad/Tobago.Google Scholar
- Madden, M. (2010). Older adults and social media: Pew Internet & American Life Project.Google Scholar
- Miller, S. (2012). Sen. Grassley’s Twitter Account Hacked by SOPA Protesters, from http://abcnews.go.com/blogs/politics/2012/01/sen-grassleys-twitter-account-hacked-by-sopa-protesters/.
- Nairn, G. (2011). Your Wall Has Ears. The Wall Street Journal from http://online.wsj.com/article/SB10001424052970204226204576600531532461052.html.
- Payne, J. W., & Bettman, J. R. (2008). Walking with the scarecrow: The information-processing approach to decision research. In D. J. Koehler & N. Harvey (Eds.), Blackwell handbook of judgment and decision making (pp. 110–123). Malden: Blackwell Publishing Ltd.. doi:10.1002/9780470752937.ch6.Google Scholar
- Prince, B. (2009). Phishing attacks cost millions despite low success rate, from http://www.eweek.com/c/a/Security/Phishing-Attacks-Cost-Millions-Despite-Low-Success-Rate-879602/.
- Protalinski, E. (2012). Chinese spies used fake Facebook profile to friend NATO officials., from http://www.zdnet.com/blog/facebook/chinese-spies-used-fake-facebook-profile-to-friend-nato-officials/10389.
- Quinn, R. (2011). Fake soldiers scam Facebook users. Retrieved from http://www.newser.com/story/113000/fake-soldiers-scam-facebook-users.html.
- Ratneshwar, S., & Chaiken, S. (1991). Comprehension’s role in persuasion: The case of its moderating effect on the persuasive impact of source cues. Journal of Consumer Research, 52–62.Google Scholar
- Roche, J. L. (2011). Bank Of America Just Had The Ultimate Social Media Fail, from http://articles.businessinsider.com/2011-11-15/wall_street/30400487_1_google-bank-tarp.
- Rogers, E. M. (1995). Diffusion of innovations: Free Pr.Google Scholar
- Shiller, R. J. (1995). Conversation, information, and herd behavior. The American Economic Review, 85(2), 181–185.Google Scholar
- Smith, A. (2012). Nearly half of american adults are smartphone owners: Pew center & American life project.Google Scholar
- Sundar, S. S. (2007). The MAIN model: A heuristic approach to understanding technology effects on credibility. The John D. and Catherine T. MacArthur foundation series on digital media and learning, 73–100.Google Scholar
- Wang, J., Chen, R., Herath, T., and Rao, H.R. . (2008). An Empirical Exploration Of The Design Pattern Of Phishing Attacks. In S. J. Upadhyaya, and H.R. Rao (Ed.), Annals of Emerging Research in Information Assurance, Security and Privacy Services: Elsevier.Google Scholar
- Winton, A. B. A. R. (2009, October 29). More celebrities targeted by alleged ‘bling ring’, Los Angeles Times. Retrieved from http://articles.latimes.com/2009/oct/29/local/me-celebrity-burglaries29.
- Wright, P. H. (1988). Interpreting research on gender differences in friendship: a case for moderation and a plea for caution. Journal of Social and Personal Relationships, 5(3), 367–373.Google Scholar