• by Erik Sass , Staff Writer @eriksass1, September 16, 2014

People who use Facebook a lot are more likely to fall for phishing attacks, for example by giving up sensitive personal information like usernames, passwords, or credit card details to cyber-criminals masquerading as trustworthy institutions. That’s according to a new study titled “Habitual Facebook Use and its Impact on Getting Deceived on Social Media,” published in the Journal of Computer-Mediated Communication.

The study focused on people who might be called “Facebook addicts,” in that they are apparently unable to regulate their own use of the social media platform, hypothesizing that frequent use leads to knee-jerk responses by which the individual makes him or herself vulnerable -- “because once a media behavior becomes habitual, it usually leads to patterned actions that are enacted whenever the situation or urge presents itself, without further reflection on the merits of the behavior.” In other words, “it is likely that individuals who are habitual Facebook users have formed ritualized patterns of usage and have relaxed their cognitive involvement while utilizing the platform.”

To test this hypothesis the author, Dr. Arun Vishwanath, surveyed 150 undergraduate students in the University of Buffalo’s Department of Communication about their Facebook usage, then six weeks later subjected them to various types of Facebook phishing attacks, progressing from exploratory messages to more invasive attempts to get them to share information.

After analyzing these results and matching them against Facebook usage, Vishwanath found that subjects who had agreed with statements like “I feel my Facebook usage has gotten out of control,” or “I feel tense, moody, or irritable when my Facebook friends do no respond to my posts on my Facebook account,” were indeed more susceptible to phishing attacks. Likewise, people with more Facebook friends were also more likely to fall for the phishing attacks.

In addition to unreflective “automatic” behaviors, Vishwanath suggested that habitual Facebook users are also more likely to succumb to “normative” social pressures in their interactions with phishers -- for example feeling compelled to accept friend requests and then respond to requests for information.