
Leonard Selvaraja Fernando
Research
Abstract
Social media impersonation scams have become increasingly sophisticated, exploiting both technical vulnerabilities and human cognitive biases. This paper presents a mixed-methods investigation that combines quantitative analysis of 1,200+ reported scam incidents with qualitative interviews of 40 victims and 12 security researchers. We identify seven distinct attack strategies, ranging from deepfake-assisted identity theft to context-aware phishing campaigns that leverage publicly available personal data. Our findings reveal that attackers increasingly employ multi-stage approaches, combining reconnaissance, trust-building, and exploitation phases. We propose a comprehensive taxonomy of impersonation techniques and evaluate the effectiveness of current countermeasures across major platforms. The study concludes with actionable recommendations for platform designers, policymakers, and end-users.
Proposed Hypotheses
- There is no significant relationship between attack strategy complexity and victim susceptibility in social media impersonation scams.
- Multi-stage impersonation attacks that combine reconnaissance with trust-building tactics result in higher victim engagement rates than single-stage attacks.
- Victims with higher digital literacy scores are not significantly less susceptible to context-aware phishing campaigns that leverage publicly available personal data.
- Platform-specific countermeasures show differential effectiveness across attack strategies, with visual verification tools outperforming text-based flagging systems for deepfake-assisted attacks.
Data Collection Method
Table of Contents
- 01Introduction
- 02Literature Review
- 03Methodology
- 04Attack Strategy Taxonomy
- 05Quantitative Findings
- 06Qualitative Insights
- 07Discussion & Implications
- 08Conclusion & Recommendations
- 09References