LOW USER AWARENESS AGAINST SOCIAL MALWARE: AN EMPIRICAL STUDY AND DESIGN OF A SECURITY AWARENESS APPLICATION
Abstract.
During the past few years, in step with the fast-growing user population of Online Social Networks (OSNs), a trend among malware writers has been to take advantage of the social relationships of OSN users in order to lure them into following malicious URLs that lead to malware infection. One reason for the success of such Social Engineering (SE)-based malware has been the low security awareness of OSN users. Indeed, it can be shown that, on average, OSN users do not have sufficient knowledge of the malicious link threats they may come up against, and thus are easy victims of SE attacks. In this paper we conduct an empirical investigation which, on the one hand, demonstrates Facebook users' low awareness of malicious link threats, and on the other hand explores the views of OSN users on the desirable properties of a security application that protects them against social malware. Furthermore, we design and describe the architecture of a security application intended to raise Facebook users' security awareness by informing them about (possibly) malicious posts on their walls before or after they get infected. Our application acts proactively by helping users avoid infection by malicious posts, and reactively by helping users who were infected to understand the threat and become more alert in identifying malware links.
Keywords: Social Engineering, OSN users' security awareness, Social malware