News Release

Habitual Facebook users more likely to be caught in phishing scams

Users with large social networks, frequent Facebook use, and inability to regulate media use are more susceptible to accepting strangers as friends and giving them information

Peer-Reviewed Publication

International Communication Association

Washington, DC (September 17, 2014) – Receiving an email that claims you are the recipient of a large sum of money from an unknown deceased relative immediately raises a red flag. These email scams are often trashed or filtered through spam folders. But what about on social networks where there is no filter? Where people can learn about your personal life with a few clicks? A recent study published in the Journal of Computer-Mediated Communication by a researcher at the University at Buffalo – State University of New York found that people who habitually use Facebook were more susceptible to being victims of online scams.

Arun Vishwanath (Associate Professor of Communication, University at Buffalo – State University of New York) subjected 150 college students to real phishing attacks on Facebook. At the beginning of the semester students were asked to participate in an online survey on general technology use, buried among these questions were measures for their Facebook usage habits. Six weeks after the survey, the participants were located on Facebook and each student was sent a friend-request from a phony Facebook account. Two weeks later, an information-request was sent to them from that profile. This communication asked for the participants' student ID number, e-mail username, and date of birth.

Vishwanath found that Facebook users in the sample who had large social networks, used Facebook more frequently than their peers, and those who were unable to control their impulsive use of the platform were were much more likely to inadvertently accept the friend-request and hand over their personal information when phished. Facebook by design promotes repeated interaction with its platform. It makes users keep posting updates and checking-in on other people's feeds, and in many ways fosters habit formation. The findings of the study reveal that people who tend to engage in too much of such Facebook use, when coupled with an inability to regulate their behavior, are particularly vulnerable to social media phishing.

Social media phishing is the attack mode of choice among cyber criminals and has been implicated in crimes ranging from home invasion to cyber bullying, illegal impersonation, and espionage. This is the first to subject Facebook users to a real social media phishing attack and assess how individual Facebook use-patterns and habits influence their deception-likelihood.

"Habitual Facebook use is an understudied issue and as such there are no interventions aimed at correcting it. We need to develop techniques to identify individuals who posses this problem early on, and we now know its behavioral and personality markers," said Vishwanath. "We need to next develop remedial interventions that target such individuals and help them develop better cyber-hygiene. This would not only help them but it will also protect all of us from phishing attacks, since the Pew Center has estimated that the average Facebook user can reach anywhere from 70,000-150,000 other people through their friends networks."


"Habitual Facebook Use and its Impact on Getting Deceived on Social Media," by Arun Vishwanath; Journal of Computer-Mediated Communication DOI: 10.1111/jcc4.12100

Contact: To schedule an interview with the author or receive a copy of the research, please contact John Paul Gutierrez,

About ICA

The International Communication Association is an academic association for scholars interested in the study, teaching, and application of all aspects of human and mediated communication. With more than 4,300 members in 80 countries, ICA includes 27 Divisions and Interest Groups and publishes the Communication Yearbook and five major, peer-reviewed journals: Journal of Communication, Communication Theory, Human Communication Research, Communication, Culture & Critique, and the Journal of Computer-Mediated Communication. For more information, visit

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.