Study shows: Social media users are high-risk group for cyber attacks

Press release
Researchers at Darmstadt University of Technology, in collaboration with IT-Seal, have now found that social media users are significantly more vulnerable to cyberattacks than non-social media users.

New study by TU Darmstadt and IT-Seal GmbH shows: social media users are high-risk group for cyber attacks.

Darmstadt, Germany, May 19, 2021 - Researchers at Darmstadt University of Technology, in collaboration with IT-Seal, have found that social media users are significantly more vulnerable to cyberattacks than non-social media users.

Current job, education, certificates, hobbies and colleagues – all this data and information from social networks is in many cases freely available on the Internet. Cyber criminals use this information to create targeted phishing emails, among other things, that generate a high level of credibility among their victims when equipped with real information.

A study by the Information Systems & E-Services (ISE) department at TU Darmstadt, which will be presented at the European Conference on Information Systems in June 2021, has now investigated whether users who are very active on social media are also more vulnerable to cyberattacks.

The answer is clear: "Social media users are to be regarded as high-risk groups with regard to phishing attacks," explains Anjuli Franz from TU Darmstadt. "On the one hand, it comes to bear that more information about them can be viewed online and thus more targeted attacks are possible. On the other hand, social media users are more susceptible to phishing attacks because they develop certain habits through intensive use, for example responding directly and automatically to triggers, prompts and notices. Phishing emails that generate high "message involvement," i.e., appear as if they are of high personal relevance to the recipient, therefore achieve significantly higher click-through rates among social media users than among non-social-media users. This confirms what has already been shown in previous research: Social media users are less likely to use "slow rational thinking" and do not evaluate information critically as often."

These research findings are particularly relevant in light of the recent data leaks from LinkedIn and Facebook, each of which published half a billion user profile data. Cybercriminals are being handed data from a large number of users on a silver platter. "Social media users and IT security managers in companies must prepare themselves for particularly nasty and targeted phishing attacks in the coming months," is the assessment of IT-Seal CEO David Kelm.

But not only social media users are affected: In the corporate context, public information on employer evaluation portals such as Kununu and Glassdoor also plays a role. This information is used by criminals to target even those users who do not use social media. These types of attacks also mean an increased risk for companies, as the TU Darmstadt was able to find out in the study: "The higher the generated "message involvement" of a phishing email, the higher the click rate - this applies to recipients with and without a social media profile," says Franz.

After the Corona-related phishing wave and the shutdown of the EMOTET network, companies are now facing a new phishing wave that is likely to gain momentum in the coming months. It will be interesting to see whether this will top the damage caused by ransomware (encryption Trojans), which in 2020 caused damage of around four billion US dollars in Germany alone.

Below you can download the TU Darmstadt study "WHO BITES THE HOOK? INVESTIGATING EMPLOYEES' SUSCEPTIBILITY TO PHISHING: A RANDOMIZED FIELD EXPERIMENT" and download it. In addition, you will find two examples of phishing simulations by IT-Seal GmbH using publicly available information from Kununu and LinkedIn, respectively.

(458 words/ 3.615 characters with spaces)

About the Technical University of Darmstadt:

The Department of Information Systems & E-Services (ISE) at TU Darmstadt is headed by Prof. Dr. Alexander Benlian, one of the most research-intensive business informatics professors in the German-speaking world. The researchers of ISE deal, for example, with user decisions in the contexts of security, e-commerce or artificial intelligence.

About IT-Seal:

IT-Seal GmbH is considered one of the most successful German cyber security startups, specializing in sustainable security culture and security awareness training, including through authentic phishing simulations. With the patented spear phishing engine and the scientific, patent-pending "Employee Security Index", security culture can be measured and benchmarked across industries. For enterprises and public sector organizations, IT-Seal provides an easy-to-use workflow to individually and reliably train their employees to recognize phishing emails and protect their organizations from cyber threats.

Cooperation TU Darmstadt and IT-Seal:

Since 2019, TU Darmstadt has been cooperating with the university spin-off IT-Seal to research the topic of IT security culture in a corporate context. IT-Seal provides access to companies and public institutions from a wide range of sectors with the aim of understanding and strengthening the IT security culture in companies and public institutions.

For questions and further information please contact us:

Laura Stephan
Press coordination
Hilpertstr. 31
64295 Darmstadt
Telephone: +49 (6151) 4938978