The popularity of social networking sites has attracted billions of users from around the world to engage with and share their information on these networks. The vast amount of circulating data and information exposes these networks to several security risks. Social engineering is one of the most common types of threat that social network users may face. Social engineering is an attack technique for manipulating and deceiving users in order to access or gain privileged information. Training and increasing users’ awareness of such threats is essential for maintaining continuous and safe use of social networking services. Identifying the most vulnerable users in order to target them for these training programs is desirable for increasing the effectiveness of such programs. In this context, the present research investigates user characteristics that impact on susceptibility to social engineering-based attacks, using a sequential exploratory mixed methods approach designed in three study phases.

The first study phase proposed and validated a user-centric framework that was formulated on the basis of four different perspectives: socio-psychological, habitual, perceptual, and socio-emotional. The measurement scales for the selected user-centric characteristics were developed and validated in the second study phase. The third study phase constructed a conceptual model that predicts users’ susceptibility to social engineering victimisation. According to the scenario-based experiment that was conducted to test the proposed conceptual model, there are direct and indirect effects of users’ characteristics on their susceptibility to social engineering-based attacks on social networks.
Users’ trust, level of involvement, and experience with cybercrime were found to be the strongest predictors of users’ vulnerability, while personality traits and users’ motivation to use social networks were found to have an indirect impact on their vulnerability and to be mediated by other factors in the model.

This research contributes to the existing knowledge of social engineering in social networks, particularly by augmenting the research area of predicting user behaviour towards security threats with the proposal of a novel framework and model to show how user vulnerability to social engineering-based attacks can be predicted. Socio-emotional and perceptual factors, which have been given less attention in previous literature, were revealed by the findings of this research as critical aspects in predicting users’ vulnerability. Social network users have different personalities, experiences, and backgrounds. The present research has considered these differences and offers personalised advice that targets the individual user’s needs by designing an architecture for a semi-automated security advisory system which provides new insight into combatting social engineering threats.
- Date of Award: 19 Sep 2019
- University of Strathclyde
- Supervisor: George Weir (Supervisor) & John N. Wilson (Supervisor)