Abstract
The evolution of anthropomorphism and affective design principles in Social Medial has allowed friends and colleagues to create content across organizational settings that now provision for emotions through the popular use of emoji. Of concern to information systems security practitioners is that the use emoji can be effective in social engineering through facilitating escalated malevolent attacks to unsuspecting victims. The article applies theories from social psychology, criminology and information systems while using the Elaboration Likelihood Model (ELM) to determine the possibility of using emoji as tools for effective social engineering. A university setting was used and student–actors enlisted to execute social engineering scenarios under carefully controlled environments. Screen shots of social engineering using emoji were taken by student-actors and sent to researcher for analysis. Qualitative data analysis involved prepossessing emoji data through tokenization and normalization. Results reveal two important findings. Firstly, that the effective use of emoji is more likely to persuade victims because of unsuspecting emotional appeal. Secondly, more time was taken to persuade a victim when only textual words instead of emoji were used in the interaction process. The results of findings are discussed in the main article.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Zuber, M.: A survey of data mining techniques for social network analysis. Int. J. Res. Comput. Eng. Electron. 3(6) (2014)
Pohl, H., Domin, C., Rohs, M.: Beyond just text: semantic emoji similarity modeling to support expressive communication. ACM Trans. Comput. Hum. Interact. (TOCHI) 24(1), 6 (2017)
Shin, D.-H.: The effects of trust, security and privacy in social networking: a security-based approach to understand the pattern of adoption. Interact. Comput. 22(5), 428–438 (2010)
Workman, M.: Wisecrackers: a theory-grounded investigation of phishing and pretext social engineering threats to information security. J. Am. Soc. Inform. Sci. Technol. 59(4), 662–674 (2008)
Barlow, J.B., et al.: Don’t make excuses! Discouraging neutralization to reduce IT policy violation. Comput. Secur. 39, 145–159 (2013)
Browne, S., Lang, M., Golden, W.: The insider threat-understanding the aberrant thinking of the rogue“trusted agent”. In: ECIS (2015)
D’Arcy, J., Hovav, A., Galletta, D.: User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf. Syst. Res. 20(1), 79–98 (2009)
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)
Warkentin, M., Malimage, N., Malimage, K.: Impact of Protection motivation and deterrence on IS security policy compliance: a multi-cultural view. In: Proceedings of the Pre-ICIS Workshop on Information Security and Privacy, Orlando, Paper (2012)
DiSalvo, C., Gemperle, F.: From seduction to fulfillment: the use of anthropomorphic form in design. In: Proceedings of the 2003 International Conference on Designing Pleasurable Products and Interfaces. ACM (2003)
Mogicons. Emoticons for Facebook (2017). https://www.mogicons.com/en/. Accessed 5 May 2017
Mitnick, K.D., Simon, W.L.: The Art of Deception: Controlling the Human Element of Security. Wiley, New York (2011)
Granger, S.: Social engineering fundamentals, part I: hacker tactics. SecurityFocus 18 (2001)
Palumbo, J.: Social engineering: what is it, why is so little said about it and what can be done? SANS Institute (2000)
Gao, W., Kim, J.: Robbing the cradle is like taking candy from a baby. In: Proceedings of the Annual Conference of the Security Policy Institute (GCSPI) (2007)
Calluzzo, V.J., Cante, C.J.: Ethics in information technology and software use. J. Bus. Ethics 51(3), 301–312 (2004)
Hu, X., et al.: Unsupervised sentiment analysis with emotional signals. In: Proceedings of the 22nd international conference on World Wide Web. ACM (2013)
Cialdini, R.B.: Science and Practice (2001)
Pak, A., Paroubek, P.: Twitter as a corpus for sentiment analysis and opinion mining. In: LREC (2010)
Bifet, A., Frank, E.: Sentiment knowledge discovery in twitter streaming data. In: International Conference on Discovery Science. Springer, Heidelberg (2010)
Kouloumpis, E., Wilson, T., Moore, J.D.: Twitter sentiment analysis: the good the bad and the omg! ICWSM 11(538–541), 164 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Njenga, K. (2018). Social Media Information Security Threats: Anthropomorphic Emoji Analysis on Social Engineering. In: Kim, K., Kim, H., Baek, N. (eds) IT Convergence and Security 2017. Lecture Notes in Electrical Engineering, vol 450. Springer, Singapore. https://doi.org/10.1007/978-981-10-6454-8_24
Download citation
DOI: https://doi.org/10.1007/978-981-10-6454-8_24
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-6453-1
Online ISBN: 978-981-10-6454-8
eBook Packages: EngineeringEngineering (R0)