{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T03:17:02Z","timestamp":1775704622828,"version":"3.50.1"},"reference-count":45,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2025,2,19]],"date-time":"2025-02-19T00:00:00Z","timestamp":1739923200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The widespread adoption of social networking sites (SNSs) has brought social-engineering victimisation (SEV) to the forefront as a significant concern in recent years. Common examples of social-engineering attacks include phishing websites, fake user accounts, fraudulent messages, impersonation of close friends, and malicious links shared through comments or posts on SNS platforms. The increasing number of SNS users is closely linked to a rise in SEV incidents. Consequently, it is essential to explore relevant theories, frameworks, and contributing factors to better understand this phenomenon. This study systematises and analyses 47 scholarly works on SEV in SNSs, examining theories, frameworks, and influencing factors. A total of 90 independent variables were identified and grouped into seven perspectives: socio-demographics, personality traits, socio-emotional factors, habitual factors, perceptual\/cognitive factors, message characteristics, and sender characteristics; these were considered alongside mediating variables. The correlations between these variables and victimisation outcomes were evaluated, uncovering factors that increase vulnerability and highlighting contradictory findings in existing studies. This systematised analysis emphasises the limitations in current research and identifies future research directions in order to deepen the understanding of the factors influencing SEV. By addressing these gaps, this study aims to advance mitigation strategies and provide actionable insights to reduce SEV in SNS contexts.<\/jats:p>","DOI":"10.3390\/info16020153","type":"journal-article","created":{"date-parts":[[2025,2,19]],"date-time":"2025-02-19T08:36:46Z","timestamp":1739954206000},"page":"153","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Understanding Social Engineering Victimisation on Social Networking Sites: A Comprehensive Review of Factors Influencing User Susceptibility to Cyber-Attacks"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-4070-7707","authenticated-orcid":false,"given":"Saad S.","family":"Alshammari","sequence":"first","affiliation":[{"name":"Department of Computer Science and Information Technology, School of Computing, Engineering and Mathematical Sciences, La Trobe University, Bundoora, VIC 3086, Australia"},{"name":"Department of Computer Science, Faculty of Computer Science & Engineering, Hail University, Hail 55476, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9519-886X","authenticated-orcid":false,"given":"Ben","family":"Soh","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Technology, School of Computing, Engineering and Mathematical Sciences, La Trobe University, Bundoora, VIC 3086, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alice","family":"Li","sequence":"additional","affiliation":[{"name":"La Trobe Business School, La Trobe University, Bundoora, VIC 3086, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,2,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Al-Thani, N.A. (2022, January 29\u201331). Adolescents\u2019 and Social Engineering: The Role of Psychometrics Factors in Determining Vulnerability and Designing Inter-ventions. Proceedings of the 2022 9th International Conference on Behavioural and Social Computing (BESC), Matsuyama, Japan.","DOI":"10.1109\/BESC57393.2022.9995705"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Alqarni, Z., Algarni, A., and Xu, Y. (July, January 27). Toward Predicting Susceptibility to Phishing Victimization on Facebook. Proceedings of the 2016 IEEE International Conference on Services Computing (SCC), San Francisco, CA, USA.","DOI":"10.1109\/SCC.2016.61"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Algarni, A., Xu, Y., and Chan, T. (July, January 27). Social Engineering in Social Networking Sites: The Art of Impersonation. Proceedings of the 2014 IEEE International Conference on Services Computing, Anchorage, AK, USA.","DOI":"10.1109\/SCC.2014.108"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1186\/s13673-018-0128-7","article-title":"User Characteristics That Influence Judgment of Social Engineering Attacks in Social Networks","volume":"8","author":"Albladi","year":"2018","journal-title":"Hum. Centric Comput. Inf. Sci."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"5738969","DOI":"10.1155\/2022\/5738969","article-title":"Are You a Soft Target for Cyber Attack? Drivers of Susceptibility to Social Engineering-Based Cyber Attack (SECA): A Case Study of Mobile Messaging Application","volume":"2022","author":"Wulandari","year":"2022","journal-title":"Hum. Behav. Emerg. Technol."},{"key":"ref_6","unstructured":"(2024, December 28). Statista Internet and Social Media Users in the World 2024. Available online: https:\/\/www.statista.com\/statistics\/617136\/digital-population-worldwide\/."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"661","DOI":"10.1057\/s41303-017-0057-y","article-title":"An Empirical Study on the Susceptibility to Social Engineering in Social Networking Sites: The Case of Facebook","volume":"26","author":"Algarni","year":"2017","journal-title":"Eur. J. Inf. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"101862","DOI":"10.1016\/j.cose.2020.101862","article-title":"Susceptibility to Phishing on Social Network Sites: A Personality Information Processing Model","volume":"94","author":"Frauenstein","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Hamoud, A., and A\u00efmeur, E. (2020). Handling User-Oriented Cyber-Attacks: STRIM, a User-Based Security Training Model. Front. Comput. Sci., 2.","DOI":"10.3389\/fcomp.2020.00025"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Frauenstein, E.D., and Flowerday, S.V. (2016, January 17\u201318). Social Network Phishing: Becoming Habituated to Clicks and Ignorant to Threats?. Proceedings of the 2016 Information Security for South Africa (ISSA), Johannesburg, South Africa.","DOI":"10.1109\/ISSA.2016.7802935"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"11895","DOI":"10.1109\/ACCESS.2021.3051633","article-title":"Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods","volume":"9","author":"Wang","year":"2021","journal-title":"IEEE Access"},{"key":"ref_12","unstructured":"(2024, December 28). Statista Social Media Main Cyber Threats 2023. Available online: https:\/\/www.statista.com\/statistics\/1499087\/social-media-main-cybersecurity-threats\/."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Kano, Y., and Nakajima, T. (2021, January 9\u201311). Trust Factors of Social Engineering Attacks on Social Networking Services. Proceedings of the 2021 IEEE 3rd Global Conference on Life Sciences and Technologies (LifeTech), Nara, Japan.","DOI":"10.1109\/LifeTech52111.2021.9391929"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1186\/s42400-020-00047-5","article-title":"Predicting Individuals\u2019 Vulnerability to Social Engineering in Social Networks","volume":"3","author":"Albladi","year":"2020","journal-title":"Cybersecurity"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Albladi, S., and Weir, G. (2018, January 5\u20137). A Semi-automated Security Advisory System to Resist Cyber-Attack in Social Networks. Proceedings of the 10th International Conference, ICCCI 2018, Bristol, UK.","DOI":"10.1007\/978-3-319-98443-8_14"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Albladi, S.M., and Weir, G.R. (2017, January 23\u201324). Personality Traits and Cyber-Attack Victimisation: Multiple Mediation Analysis. Proceedings of the 2017 Internet of Things Business Models, Users, and Networks, Copenhagen, Denmark.","DOI":"10.1109\/CTTE.2017.8260932"},{"key":"ref_17","unstructured":"Mitnick, K.D., and Simon, W.L. (2002). The Art of Deception: Controlling the Human Element of Security, Wiley."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"e161","DOI":"10.1002\/spy2.161","article-title":"Understanding and Deciphering of Social Engineering Attack Scenarios","volume":"4","author":"Yasin","year":"2021","journal-title":"Secur. Priv."},{"key":"ref_19","first-page":"383","article-title":"Source Credibility in Twitter","volume":"22","author":"Alturki","year":"2022","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Banire, B., Al Thani, D., and Yang, Y. (2021). Investigating the Experience of Social Engineering Victims: Exploratory and User Testing Study. Electronics, 10.","DOI":"10.3390\/electronics10212709"},{"key":"ref_21","unstructured":"(2024, August 28). APWG Phishing Activity Trends Report. Available online: https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q4_2014.pdf."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"(2024, August 28). APWG Phishing Activity Trends Report. Available online: https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q3_2019.pdf.","DOI":"10.1016\/S1361-3723(19)30025-9"},{"key":"ref_23","unstructured":"Algarni, A., Xu, Y., Chan, T., and Tian, Y.-C. (2014, January 24\u201328). Social Engineering in Social Networking Sites: How Good Becomes Evil. Proceedings of the 18th Pacific Asia Conference on Information Systems (PACIS), Chengdu, China."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Albladi, S., and Weir, G.R.S. (2016, January 12\u201314). Vulnerability to Social Engineering in Social Networks: A Proposed User-Centric Framework. Proceedings of the 2016 IEEE International Conference on Cybercrime and Computer Forensic (ICCCF), Vancouver, BC, Canada.","DOI":"10.1109\/ICCCF.2016.7740435"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Collier, H. (2022, January 16\u201317). Including Human Behaviors Into IA Training Assessment: A Better Way Forward!. Proceedings of the 21st European Conference on Cyber Warfare and Security, Chester, UK.","DOI":"10.34190\/eccws.21.1.225"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Algarni, A. (2019). What Message Characteristics Make Social Engineering Successful on Facebook: The Role of Central Route, Peripheral Route, and Perceived Risk. Information, 10.","DOI":"10.3390\/info10060211"},{"key":"ref_27","first-page":"1","article-title":"Social Engineering: IE Based Model of Human Weakness for Attack and Defense Investigations","volume":"9","author":"Fan","year":"2017","journal-title":"IJ Comput. Netw. Inf. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"106930","DOI":"10.1016\/j.chb.2021.106930","article-title":"Performing Social Engineering: A Qualitative Study of Information Security Deceptions","volume":"124","author":"Steinmetz","year":"2021","journal-title":"Comput. Hum. Behav."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1111\/spc3.12115","article-title":"Weapons of Influence Misused: A Social Influence Analysis of Why People Fall Prey to Internet Scams","volume":"8","author":"Muscanell","year":"2014","journal-title":"Soc. Personal. Psychol. Compass"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Algarni, A., Xu, Y., and Chan, T. (2016, January 5\u20138). Measuring SOURCE credibility of Social Engineering Attackers on Facebook. Proceedings of the 2016 49th Hawaii International Conference on System Sciences (HICSS), Koloa, HI, USA.","DOI":"10.1109\/HICSS.2016.460"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kyi, E.L. (December, January 30). Stobert \u201cI don\u2019t Really Give Them Piece of Mind\u201d: User Perceptions of Social Engineering Attacks. Proceedings of the 2022 APWG Symposium on Electronic Crime Research (eCrime), Boston, MA, USA.","DOI":"10.1109\/eCrime57793.2022.10142113"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"2049","DOI":"10.1016\/j.infsof.2013.07.010","article-title":"A Systematic Review of Systematic REVIEW Process research in Software Engineering","volume":"55","author":"Kitchenham","year":"2013","journal-title":"Inf. Softw. Technol."},{"key":"ref_33","unstructured":"Kitchenham, B., and Charters, S. (2007). Guidelines for Performing Systematic Literature Reviews in Software Engineering, Keele University. Keele University and Durham University Joint Report."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Wohlin, C. (2014, January 13\u201314). Guidelines for Snowballing in Systematic Literature Studies and A Replication in Software Engineering. Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering, London, UK.","DOI":"10.1145\/2601248.2601268"},{"key":"ref_35","unstructured":"(2024, June 07). Covidence Covidence\u2014Better Systematic Review Management. Available online: https:\/\/www.covidence.org\/."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"103858","DOI":"10.1016\/j.im.2023.103858","article-title":"Unraveling the Behavioral Influence of Social Media on Phishing Susceptibility: A Personality-Habit-Information Processing Model","volume":"60","author":"Frauenstein","year":"2023","journal-title":"Inf. Manag."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4102\/sajim.v22i1.1176","article-title":"Contributing Factors to Increased Susceptibility to Social Media Phishing Attacks","volume":"22","author":"Parker","year":"2020","journal-title":"S. Afr. J. Inf. Manag."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1353","DOI":"10.1007\/s10796-014-9509-2","article-title":"Diffusion of Deception in Social Media: Social Contagion Effects and Its Antecedents","volume":"17","author":"Vishwanath","year":"2015","journal-title":"Inf. Syst. Front."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"185","DOI":"10.1007\/978-981-10-6454-8_24","article-title":"Social Media Information Security Threats: Anthropomorphic Emoji Analysis on Social Engineering","volume":"Volume 450","author":"Njenga","year":"2018","journal-title":"IT Convergence and Security 2017"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1089\/cyber.2016.0714","article-title":"Risk Factors for Social Networking Site Scam Victimization among Malaysian Students","volume":"21","author":"Kirwan","year":"2018","journal-title":"Cyberpsychol. Behav. Soc. Netw."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Uebelacker, S.S. (2014, January 18). Quiel The Social Engineering Personality Framework. Proceedings of the 2014 Workshop on Socio-Technical Aspects in Security and Trust, Vienna, Austria.","DOI":"10.1109\/STAST.2014.12"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"97383","DOI":"10.1109\/ACCESS.2020.2995619","article-title":"Algarni Factors Influencing Players\u2019 Susceptibility to Social Engineering in Social Gaming Networks","volume":"8","author":"Alturki","year":"2020","journal-title":"IEEE Access"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"103084","DOI":"10.1016\/j.apergo.2020.103084","article-title":"Email Phishing and Signal Detection: How Persuasion Principles and Personality Influence Response Patterns and Accuracy","volume":"86","author":"Lawson","year":"2020","journal-title":"Appl. Ergon."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Collier, H., Morton, C., Alharthi, D., and Kleiner, J. (2023, January 22\u201323). Cultural Influences on Information Security. Proceedings of the 22nd European Conference on Cyber Warfare and Security, Piraeus, Greece.","DOI":"10.34190\/eccws.22.1.1127"},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1111\/jcc4.12100","article-title":"Habitual Facebook Use and Its Impact on Getting Deceived on Social Media","volume":"20","author":"Vishwanath","year":"2015","journal-title":"J. Comput. Mediat. Commun."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/2\/153\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:38:01Z","timestamp":1760027881000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/2\/153"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,19]]},"references-count":45,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2025,2]]}},"alternative-id":["info16020153"],"URL":"https:\/\/doi.org\/10.3390\/info16020153","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,19]]}}}