Leonard Selvaraja Fernando

Leonard Selvaraja Fernando 

Research

2024·Independent research·Investigative Research PaperActively researchingResearch Paper

Deconstructing social media impersonation scams: A mixed-methods investigation on various strategies used by attackers

Abstract

Social media impersonation scams have become increasingly sophisticated, exploiting both technical vulnerabilities and human cognitive biases. This paper presents a mixed-methods investigation that combines quantitative analysis of 1,200+ reported scam incidents with qualitative interviews of 40 victims and 12 security researchers. We identify seven distinct attack strategies, ranging from deepfake-assisted identity theft to context-aware phishing campaigns that leverage publicly available personal data. Our findings reveal that attackers increasingly employ multi-stage approaches, combining reconnaissance, trust-building, and exploitation phases. We propose a comprehensive taxonomy of impersonation techniques and evaluate the effectiveness of current countermeasures across major platforms. The study concludes with actionable recommendations for platform designers, policymakers, and end-users.

Proposed Hypotheses

  • H0There is no significant relationship between attack strategy complexity and victim susceptibility in social media impersonation scams.
  • H1Multi-stage impersonation attacks that combine reconnaissance with trust-building tactics result in higher victim engagement rates than single-stage attacks.
  • H2Victims with higher digital literacy scores are not significantly less susceptible to context-aware phishing campaigns that leverage publicly available personal data.
  • H3Platform-specific countermeasures show differential effectiveness across attack strategies, with visual verification tools outperforming text-based flagging systems for deepfake-assisted attacks.

Data Collection Method

Mixed Methods

Quantitative analysis of 1,200+ reported scam incidents from cybersecurity databases and platform trust & safety reports, combined with semi-structured qualitative interviews with 40 victims and 12 security researchers across six countries.

Table of Contents

  1. 01Introduction
  2. 02Literature Review
  3. 03Methodology
  4. 04Attack Strategy Taxonomy
  5. 05Quantitative Findings
  6. 06Qualitative Insights
  7. 07Discussion & Implications
  8. 08Conclusion & Recommendations
  9. 09References

About the Author

Leonard Selvaraja Fernando

Leonard Selvaraja Fernando

Primary Researcher

LinkedIn