Getting phished on social media

The study experimentally simulated a level-1 social networking-based phishing (SNP) attack, where a phisher using a phony profile attempts to friend an individual on Facebook, and a level-2 SNP attack, where a phisher attempts to extract information directly. The results implicate the use of cognitive shortcuts triggered by the cues afforded in Facebook's interface. Individuals appeared to be using the phisher's friend count as a heuristic for judging the authenticity of a level-1 request. They, thus, responded to a phisher displaying a large friend count even in the absence of a profile picture. Interestingly, the affordance of smartphones used to access social media-an issue that has received little academic attention-increased the odds of considering such requests sevenfold.