What makes deceptive attacks on social media particularly virulent is the likelihood of a contagion effect, where a perpetrator takes advantage of the connections among people to deceive them. To examine this, the current study experimentally stimulates a phishing type attack, termed as farcing, on Facebook users. Farcing attacks occur in two stages: a first stage where phishers use a phony profile to friend victims, and a second stage, where phishers solicit personal information directly from victims. In the present study, close to one in five respondents fell victim to the first stage attack and one in ten fell victim to the second stage attack. Individuals fell victim to a level 1 attack because they relied primarily on the number of friends or the picture of the requester as a heuristic cue and made snap judgments. Victims also demonstrated a herd mentality, gravitating to a phisher whose page showed more connections. Such profiles caused an upward information cascade, where each victim attracted many more victims through a social contagion effect. Individuals receiving a level 2 information request on Facebook peripherally focused on the source of the request by using the sender’s picture in the message as a credibility cue.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
Research questions 1, 2, and 5 examined whether the cues in the farcing request significantly predicted the individuals’ likelihood to get deceived. The moderating effect of gender was tested in each of these models. In testing gender effects in research question 1, the 2 × 2 × 2 ordinal regression (picture x friend x gender) was significant (χ2 (6) = 16.40, p < .05) but the gender effects were not significant (β = 0.19, SE = .59, Wald (1) = .09, p = .75). In testing research question 2, the logistic model was not significant (χ2 (3) = 9.70, p = .08) and the main effects of gender were also not significant (β = −.02, SE = .51, Wald (1) = .001, p = .97). Finally, in testing research question 5, the 2 × 2 × 2 ordinal regression that included gender in the model was not significant χ2 (6) = 4.40, p = .62, and the gender effects were also not significant (β = 0.38, SE = .58, Wald (1) = .42, p = .52).
A two-way ANOVA alternatively tested the influence of picture cues vs. friend cues on the likely response to the friend-request. The 2 × 2 ANOVA was significant (F(3,140) = 4.92, p < .05, η2 = .10). The main effect of friend cues was significant (F(1,140) = 10.75, p < .05, η2 = .07) and the follow-up contrasts suggested that individuals were significantly more likely to consider accepting a friend-request (M = 1.98, SD = 0.71) when the request came from a stranger with many friends than one without no friends (M = 1.63, SD = 0.71). The interaction effects were also significant (F(1,140) = 4.22, p < .05, η2 = .03). The interaction tests indicated that in the absence of a picture of the sender, individuals were significantly more likely to consider friend-requests from a stranger with many friends (M = 2.16, SD = .65) rather than from a sender with no friends (M = 1.52, SE = .68).
As an alternative to the ordinal regression, a 2 × 2 (friend cues vs. picture cues) ANCOVA with prior response to the friend request as the covariate was estimated. The overall model was significant (F(4,138) = 6.39, p < .05, η2 = .16. The main effect of picture cues and friend cues and the interaction effects were non-significant. Only the covariate effect was significant (F(1,138) = 22.76, p < .05, η2 = .14, indicating that individual response to the level 2 information request was influenced by their response to the level 1 attack.
Aral, S., Muchnik, L., & Sundararajan, A. (2009). Distinguishing influence-based contagion from homophily-driven diffusion in dynamic networks. Proceedings of the National Academy of Sciences, 106(51), 21544–21549.
Arora, A., Telang, R., & Xu, H. (2005). Optimal policy for software vulnerability disclosure.
Banerjee, A. V. (1992). A simple model of herd behavior. The Quarterly Journal of Economics, 107(3), 797–817.
Bose, I., & Leung, A. C. M. (2007). Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of AIS, 19(1), 544–566.
Brenner, J. (2012). Social networking. Pew Internet & American Life Project, November 13, 2012, http://pewinternet.org/Commentary/2012/March/Pew-Internet-Social-Networking-full-detail.aspx, accessed on November 28, 2012.
Brios, D. P., George, J. F., & Zmund, R. W. (2002). Inducing sensitivity to deception in order to improve decision making performance: A field study. MIS Quarterly, 26, 119–144.
Chaiken, S. (1980). Heuristic versus systematic information processing and the use of source versus message cues in persuasion. Journal of Personality and Social Psychology, 39(5), 752.
Chaiken, S. (1987). The heuristic model of persuasion.
Chaiken, S., & Eagly, A. H. (1989). Heuristic and systematic information processing within and. Unintended Thought, 212.
Chaiken, S., & Trope, Y. (1999). Dual-process theories in social psychology. New York: Guilford Press.
Chen, S., & Chaiken, S. (1999). The heuristic-systematic model in its broader context. Dual-Process Theories in Social Psychology, 73–96.
Clogg, C. C., Petkova, E., & Haritou, A. (1995). Statistical methods for comparing regression coefficients between models. American Journal of Sociology, 1261–1293.
Cohen, A. (1983). Comparing regression coefficients across subsamples. Sociological Methods & Research, 12(1), 77–94.
Cummings, J. N., Butler, B., & Kraut, R. (2002). The quality of online social relationships. Communications of the ACM, 45(7), 103–108.
Dholakia, U. M., Basuroy, S., & Soltysinski, K. (2002). Auction or agent (or both)? A study of moderators of the herding bias in digital auctions. International Journal of Research in Marketing, 19(2), 115–130.
Dvorak, J. C. (2011, January 19). LinkedIn account hacked, from http://www.pcmag.com/article2/0,2817,2375983,00.asp.
Ellison, N. B., Steinfield, C., & Lampe, C. (2007). The benefits of Facebook “friends:” Social capital and college students’ use of online social network sites. Journal of Computer-Mediated Communication, 12(4), 1143–1168.
Fichman, R. G. (1992). Information technology diffusion: A review of empirical research.
Gross, R., & Acquisti, A. (2005). Information revelation and privacy in online social networks.
Hall, A. (2010). Top German firms ban Facebook and Twitter from workplace over industrial espionage fears. Mail Online.
Herbeck, D., & Besecker, A. (2011). Hardworking teacher masked his sinster side, The Buffalo News.
Ingram, M. (2010). Mary Meeker: Mobile Internet Will Soon Overtake Fixed Internet (Morgan Stanley Report), from http://gigaom.com/2010/04/12/mary-meeker-mobile-internet-will-soon-overtake-fixed-internet/.
IBM X-Force Trend and Risk Report (2012)
Jakobsson, M. (2007). The human factor in phishing. Privacy & Security of Consumer Information.
Jakobsson, M., Tsow, A., Shah, A., Blevis, E., & Lim, Y.-K. (2007). What Instills Trust? A Qualitative Study of Phishing. Paper presented at the Usable Security (USEC’07), Lowlands, Scarborough, Trinidad/Tobago.
Johnson, P. E., Grazioli, S., Jamal, K., & Berryman, G. (2001). Detecting deception: Adversarial problem solving in a Low base rate world. Cognitive Science, 25(3), 355–392.
Johnston, V. S., & Franklin, M. (1993). Is beauty in the eye of the beholder? Ethology and Sociobiology, 14(3), 183–199.
Koh, Y. J., & Sundar, S. S. (2010). Heuristic versus systematic processing of specialist versus generalist sources in online media. Human Communication Research, 36(2), 103–124.
Madden, M. (2010). Older adults and social media: Pew Internet & American Life Project.
Miller, S. (2012). Sen. Grassley’s Twitter Account Hacked by SOPA Protesters, from http://abcnews.go.com/blogs/politics/2012/01/sen-grassleys-twitter-account-hacked-by-sopa-protesters/.
Nairn, G. (2011). Your Wall Has Ears. The Wall Street Journal from http://online.wsj.com/article/SB10001424052970204226204576600531532461052.html.
Payne, J. W., & Bettman, J. R. (2008). Walking with the scarecrow: The information-processing approach to decision research. In D. J. Koehler & N. Harvey (Eds.), Blackwell handbook of judgment and decision making (pp. 110–123). Malden: Blackwell Publishing Ltd.. doi:10.1002/9780470752937.ch6.
Prince, B. (2009). Phishing attacks cost millions despite low success rate, from http://www.eweek.com/c/a/Security/Phishing-Attacks-Cost-Millions-Despite-Low-Success-Rate-879602/.
Protalinski, E. (2012). Chinese spies used fake Facebook profile to friend NATO officials., from http://www.zdnet.com/blog/facebook/chinese-spies-used-fake-facebook-profile-to-friend-nato-officials/10389.
Quinn, R. (2011). Fake soldiers scam Facebook users. Retrieved from http://www.newser.com/story/113000/fake-soldiers-scam-facebook-users.html.
Ratneshwar, S., & Chaiken, S. (1991). Comprehension’s role in persuasion: The case of its moderating effect on the persuasive impact of source cues. Journal of Consumer Research, 52–62.
Roche, J. L. (2011). Bank Of America Just Had The Ultimate Social Media Fail, from http://articles.businessinsider.com/2011-11-15/wall_street/30400487_1_google-bank-tarp.
Rogers, E. M. (1995). Diffusion of innovations: Free Pr.
Shiller, R. J. (1995). Conversation, information, and herd behavior. The American Economic Review, 85(2), 181–185.
Simon, H. A. (1955). A behavioral model of rational choice. Quarterly Journal of Economics, 69, 99–118.
Smith, A. (2012). Nearly half of american adults are smartphone owners: Pew center & American life project.
Stroebe, W., Insko, C. A., Thompson, V. D., & Layton, B. D. (1971). Effects of physical attractiveness, attitude similarity, and sex on various aspects of interpersonal attraction. Journal of Personality and Social Psychology, 18(1), 79.
Sundar, S. S. (2007). The MAIN model: A heuristic approach to understanding technology effects on credibility. The John D. and Catherine T. MacArthur foundation series on digital media and learning, 73–100.
Sundar, S. S., Knobloch Westerwick, S., & Hastall, M. R. (2007). News cues: Information scent and cognitive heuristics. Journal of the American Society for Information Science and Technology, 58(3), 366–378.
Valente, T. W. (1996). Network models of the diffusion of innovations. Computational and Mathematical Organization Theory, 2(2), 163–164.
Verser, R., & Wicks, R. H. (2006). Managing voter impressions: The use of images on presidential candidate web sites during the 2000 campaign. Journal of Communication, 56(1), 178–197.
Vishwanath, A. (2003). Comparing online information effects. Communication Research, 30(6), 579–598.
Vishwanath, A., Herath, T., Chen, R., Wang, J., & Rao, H. R. (2011). Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decision Support Systems, 51(3), 576–586.
Wang, J., Chen, R., Herath, T., and Rao, H.R. . (2008). An Empirical Exploration Of The Design Pattern Of Phishing Attacks. In S. J. Upadhyaya, and H.R. Rao (Ed.), Annals of Emerging Research in Information Assurance, Security and Privacy Services: Elsevier.
Washer, P. (2004). Representations of SARS in the British newspapers. Social Science & Medicine, 59(12), 2561–2571.
Winton, A. B. A. R. (2009, October 29). More celebrities targeted by alleged ‘bling ring’, Los Angeles Times. Retrieved from http://articles.latimes.com/2009/oct/29/local/me-celebrity-burglaries29.
Wright, P. H. (1988). Interpreting research on gender differences in friendship: a case for moderation and a plea for caution. Journal of Social and Personal Relationships, 5(3), 367–373.
Zuckerman, A., & Chaiken, S. (1998). A heuristic‐systematic processing analysis of the effectiveness of product warning labels. Psychology and Marketing, 15(7), 621–642.
About this article
Cite this article
Vishwanath, A. Diffusion of deception in social media: Social contagion effects and its antecedents. Inf Syst Front 17, 1353–1367 (2015). https://doi.org/10.1007/s10796-014-9509-2
- IT diffusion and adoption
- Social contagion
- Computer-mediated communication and collaboration
- Laboratory experiments
- Social media
- Online deception