2023 International Conference for Advancement in Technology (ICONAT)

Goa, India. Jan 24-26, 2023

Attacks on Social Media Networks and Prevention Measures
2023 International Conference for Advancement in Technology (ICONAT) | 978-1-6654-7517-4/23/$31.00 ©2023 IEEE | DOI: 10.1109/ICONAT57137.2023.10080106

1st Purba Pal, Dept. of CSE, NIT Agartala, INDIA, purnagayatri.pal@gmail.com
2nd Sharmila Ghosh, Dept. of CSE, NIT Agartala, INDIA, sharmilaghosh098@gmail.com
3rd Dr. Nirmalya Kar, Dept. of CSE, NIT Agartala, INDIA, nirmalya@nita.ac.in

Abstract—Social Media, usually referred to as a social space, provides the best platform for people from various physical places to communicate, share images, interests and ideas or meet new friends. And due to this, the number of users is also increasing day by day. Social Media Networks confront a concerning rate of rise in cyber threats due to their enormous user base and quick rise in popularity. The producers of Social Media Networks intend to protect their users, but hackers and invaders are able to get beyond the security mechanisms by employing a variety of ways to exploit users’ privacy, identity, and confidentiality. It’s possible that the majority of users of social networking sites are ignorant of the presence of these serious hazards. The primary security concerns relating to online social networks are highlighted in this paper including the existing techniques for preventing those cyber attacks.

Index Terms—Social Media Networks, Categorisation of Social Media Attacks, Prevention Mechanisms

I. INTRODUCTION

In the last few decades, the enormous growth in the usage of information technology and the growing reliance on Social Media has become particularly significant, increasing productivity, finding solutions to issues, and making life easier on all levels in both the professional and personal spheres. In addition to information sharing, e-mail, Social Media Networking sites, e-learning, and many other applications and uses in the professional and non-professional sectors, an increasing number of human interactions rely on technology for quick and continuous communication. Online social networking has become a new and exciting lifestyle for individuals because of the rising ubiquity of mobile devices and applications mixed with social networking technologies. As a result, monitoring information technology becomes more and more necessary. Attacks and threats have escalated, obstructing development and preventing total control over data and information[18][5]. The complexity of malicious programs is constantly growing and spreading in a variety of ways, making it increasingly challenging to reverse their detrimental and frequently destructive impacts[12]. Institutions and individual users are given special consideration in a number of crucial areas, including data privacy. When utilizing social network services, users frequently assume a number of risks with their personal information; for instance, users are prone to employing unauthorized programs, abusing corporate PCs, accessing unauthorized networks, and publishing sensitive information on insecure networks[3][16].

II. SOCIAL MEDIA NETWORKING

Fig. 1. Different Types of Social Media Networking Platforms

The qualities and goals of Social Media networking sites vary, and they can be categorized into various types. Figure 1 shows different types of Social Media platforms. From them, the top 10 Social Media platforms of 2022 are Facebook, YouTube, WhatsApp, Instagram, TikTok, Snapchat, Pinterest, Reddit, LinkedIn, and Twitter[22]. Analysis from the global platform datareportal.com shows that at least 300 million individuals were engaged on 17 Social Media sites in October 2022[23]. There are 2.934 billion active Facebook users each month. The potential audience for YouTube advertising is 2.515 billion. Every month, at least 2 billion individuals use WhatsApp. There are 1.386 billion potential customers for Instagram advertising. WeChat has 1.299 billion active users every month. There are 700 million monthly active users of Telegram[23]. Social media networking is the use of a particular internet platform to connect with, communicate with, and collaborate with people who have interests similar to your
own. This includes peers, friends, and family. Popular social media platforms like Facebook, Yelp, Twitter, and Instagram enable people to keep in touch with one another, remain informed, and access as well as share a plethora of knowledge. By promoting their brands on these websites, marketers can also reach their target customers. We have broadly classified the Social Media platforms mainly into 4 parts. They are discussed below.

A. Traditional Social Networks

The major goals of these websites are information sharing and friend-to-friend communication, as well as the expansion of user groups with shared interests. The LinkedIn website is an illustration of a Social Media site that links friends and classmates to build a network that can assist users in advancing their careers. Other examples are Facebook, Twitter, etc.

B. Media Sharing Networks

On media-sharing networks, there are many different types of visual content, including infographics, pictures, both short- and long-form videos, and also texts. Some examples of this type of Social Media platform are WhatsApp, Facebook, Twitter, Instagram, etc.

C. Social Blogging Networks

Nowadays many people want to share their life stories with other people and for that, they write personal blogs which are a type of personal journal. Blogs always focus on a particular slot or awareness. Some commonly used blogging sites are Medium, WordPress.org, web.com, Tumblr, Blogger, etc.

D. Discussion Networks

Social media sites like Facebook or Instagram are not always the greatest places for people who want to discuss a topic in-depth or have specific questions. For a number of objectives, people can access and create material on a variety of platforms. However, users frequently use services like Reddit or Discord to communicate with groups of people who share their interests and look for solutions.

With the growth in the number of Social Media networking sites and users in recent years, the frequency of piracy has significantly increased on these sites. 18 out of every 100 Indians reportedly had their personal contact information compromised, according to Surfshark. According to the VPN service, India is the sixth most frequently penetrated country in the world in terms of cyber attacks. 254.9 million of the 15 billion compromised accounts worldwide belong to individuals in India[5][18]. In addition, 962.7 million Indian data points, the majority of which are passwords, have been exposed. The problem, according to the business, is quite concerning given that out of every ten accounts in India that are leaked, half are also stolen with a password[9]. Basic security approaches are given in Table I.

TABLE I. SECURITY APPROACHES OF OSN

| Security Approaches | Description |
|---|---|
| Watchdog and social enabler | A residential network can incorporate these tools. It also acts as a link between the user and the OSN vendor. Additionally, it helps parents defend their children against dangers posed by teenagers. |
| User-control | These applications allow users to control their settings. Users are given control over what can be shared. |
| Structural anomaly detection | With this method, it is possible to monitor user behavior while building a probabilistic model. To identify abnormal events, they use observations. |
| Virtual individual servers | Data storage on individual private servers is made possible by individual virtual servers, which limit access to data by anonymous users. |
| Reputation mechanisms | The trust relationship is the true foundation of the reputation mechanism. It plays a significant role in P2P communication. |
| Proxy-based protection | These protect the user in real-time by blocking access to harmful websites. |

• Avoid using simple passwords since they are easy to crack and avoid using the same password across many websites because a breach on one site can lead to a breach on all websites.
• Use a strong, complicated password that is difficult to guess.
• To store and manage passwords, make use of apps like ZOHO, Keeper, and Dashlane[21].

III. ATTACK METHODOLOGIES IN SOCIAL MEDIA NETWORKING

Many internet trends—commercial, professional, social, or otherwise—are largely determined by how users of social networks engage with one another. Additionally, a lot of organizations, businesses, and people have learned how to engage with coworkers and clients through Social Media sites like Facebook, Twitter, and LinkedIn[13][17]. The result is the quick rise in the popularity of social networking sites, and risks including spyware, computer viruses, and malicious software have become more prevalent, posing a threat to data security and confidentiality. Internet and social networking risks come in two flavors: traditional threats and contemporary threats. Because of the Social Media infrastructure, which can endanger user privacy and security, modern threats are relevant to users of online social networks[12]. Classic risks make all users on a given network vulnerable to attacks. OSN threats can be broadly classified into three categories shown in Figure 2. They are classic threats, modern threats, and adolescent threats.

Fig. 2. Classification of Social Media Networking Threats

A. Classic Threats

Traditional/classic threats have existed since the invention of the Internet, and those threats grew as the Internet and social networking applications evolved[15]. The Social Media networking structure and existence make it simple for classic threats to circulate among users in the network and spread gradually. By obtaining the user’s personal information, classic threats frequently harm the user’s profile and credentials. When a person inadvertently clicks on that malicious code or link, it might propagate among users[11][14]. This malware has obtained the user’s login information, allowing it to post messages on the user’s behalf and alter personal content. The classic threats, which include malware, cross-site scripting (XSS), spam, phishing attacks, and others, are still present despite previous attempts to address them. These threats threaten users’ Social Media accounts and data, as well as the content of users and their connections[15]. Table II lists many sorts of classic attacks.

TABLE II. CLASSIC THREATS IN SOCIAL MEDIA

| Attack Name | Scope of Attack | Description |
|---|---|---|
| Cross-site scripting (XSS) | Web applications | The attacker injects malicious code that runs in the user’s browser. XSS can affect victims, steal cookies, modify websites, take over clipboard content, log keystrokes, scan ports, and trigger dynamic downloads[6] |
| Internet fraud | WhatsApp, Facebook, Twitter, Instagram | It entails using the Internet to deceive and con people, such as when someone logs into another user’s account and demands that they transfer money to a certain bank account[7] |
| Spammer | Facebook, Instagram, Twitter | Attackers of this kind can submit comments to pages that many users view on Social Media accounts as well as send a harmful message, such as advertisements, to various users by setting up fictitious accounts[25] |
| Malware attack | WhatsApp, Facebook, Twitter, Instagram, LinkedIn | The hacker creates malicious software with the goal of taking over the user’s device and using it to carry out some illegal operations like stealing the user’s information etc.[21] |
| Phishing attack | LinkedIn, Facebook and Twitter | The technique of an attacker posing as a trustworthy person in an electronic conversation in an effort to gain sensitive data such as passwords, usernames, credit card numbers, and occasionally money[10] |
| SQL injection attack | Web applications with a database, Gmail Accounts, Hotmail Accounts, Yahoo Accounts, and Outlook Accounts | Attackers can gain full access to database programs that handle sensitive data due to SQL injection attacks. Targets of SQL injection attacks include data extraction, remote command execution, data modification, denial of service, database fingerprinting etc. |
| DDoS attack | Twitter, Facebook, YouTube, LiveJournal, Google’s Blogger | DDoS is the main method of attack against the social networking infrastructure that directly impacts the users[24]. |

B. Modern Threats

These specific threats are linked to Social Media platforms. These threats aim to access private and sensitive information belonging to users and the friends they follow and interact with. For instance, hackers target users who have particular privacy settings in order to reveal and compromise their personal data. Clickjacking, fake profiles, deanonymization, face recognition, and identity clone attacks are the most recent dangers. The tracking and gathering of user information for individuals, groups, organizations, and businesses are done through the monitoring of social networking sites, sometimes referred to as listing and measuring. For instance, Facebook granted Cambridge Analytica access to millions of profiles without asking users’ permission so that the company could use the data for political campaigning. Millions of individuals’ Social Media posts were allegedly examined by the corporation in order to construct psychological profiles of those users, which were later used to target messages to influence voting patterns[4]. Table III lists various forms of modern attacks on Social Media.

C. Adolescent Threats

An opponent may use the fear of a social threat to frighten and pursue users of social networking platforms. Young users, primarily teens, are the primary target of this type of threat. These risks are substantial, thus certain countermeasures are needed to deal with them. Table IV describes different types of adolescent attacks[21].

TABLE III. MODERN THREATS IN SOCIAL MEDIA

| Attack Name | Scope of Attack | Description |
|---|---|---|
| Clickjacking | Facebook, Twitter, Instagram, LinkedIn | Clickjacking is an interface-based attack in which users are tricked into clicking executable content on a hidden website by clicking other content on a decoy website |
| Social-bots | Facebook, Twitter, and Instagram | Attacks using automated accounts on Social Media are a form of organized crime that could endanger public opinion, democracy, public health, the stock market, and other fields |
| Fake profiles | Facebook, Twitter, Instagram | In a fake profile attack, a profile is made on a social network by an attacker using false information—such as a name, interests, social security number, photos, and other details—and sending messages to specific users. They want to get user information as their goal[20][8] |
| Location and information leakage | Facebook, Twitter, Instagram | It poses a threat to privacy and promotes online Social Media users to publish their location on online social networking due to the popularity of using smartphone devices and ease of usage. As a result, there is a greater chance that someone else or an attacker will learn where online Social Media users are[2] |

TABLE IV. ADOLESCENT THREATS IN SOCIAL MEDIA

| Attack Name | Scope of Attack | Description |
|---|---|---|
| Cyberbullying | Instagram, Facebook, Twitter | Cyberbullying is when an individual or group of individuals use the internet, mobile phones, or other digital technology to terrorize, tease, or otherwise harm a victim. Flaming, denigration, harassing, outing, trickery, impersonation, and cyberstalking are some of the several sorts of cyberbullying attacks |
| Online grooming attacks | Instagram, Facebook, Twitter | Online grooming attacks occur when an adult approaches a teenager with the goal of seducing them |

The most crucial stage of any Social Media attack is information collecting. Effective information gathered at this point will determine whether the attack is successful in every way. So, when choosing sources from which to gather information, be careful. The majority of the time, the attacker uses company websites, Social Media, search engines, well-known lunch locations, and dumpster diving to gather information and do physical research[5]. These are the several sources that people consult most frequently. These sources are used to gather data on perception, personality, preferences, and other personal characteristics.

IV. COUNTER MEASURES TO PREVENT SOCIAL MEDIA NETWORKING ATTACKS

In this section, we’ll give an overview of the human-based and tool-based prevention measures employed by both industry and academia to counteract cyber attacks. The fundamental security systems that must be present in a company or on a user’s device in order to prevent manipulating attacks are among the countermeasures for Social Media network attacks. Social Media attacks target both technology and human expertise, therefore each step of the security process needs to incorporate protection measures. Technologies need to be regularly updated in order to limit the accessibility of information via the internet. Additionally, consistent training and awareness programs are required to reduce the manipulation of the human component. The countermeasures must be put into action on each level[5][6]. Attacks on Social Media frequently succeed because of the effect of human-based variables. Users frequently aren’t aware of the misleading strategies used by social engineers, according to research. Therefore, it is crucial to raise user knowledge in order to prevent the occurrence of Social Media attacks on the human level. To reduce Social Media attacks, it is necessary to conduct ongoing staff training as Social Media networking strategies change. Examples of human-based countermeasures include user awareness initiatives, auditing and monitoring, identity management and access control, and training programs to improve awareness of how to respond to threats[19].

A sender policy framework, the use of scanning software, the adoption of content-based filtering tools, the use of biometric systems, and the implementation of intrusion detection systems are some of the vital technological instruments to stop threats related to Social Media Networks[19]. Implementing efficient security technologies is crucial for detecting attacks in their early stages and preventing them. It’s important to distinguish between legitimate files and those that have malware because attackers use a variety of advanced techniques, including smartphones, websites, email, and Social Media. And due to this, there is a need for a sophisticated scheme to give sufficient security levels as well as raise user awareness and knowledge of cybersecurity risks/threats in order to bridge the gap in existing protection measures. After reviewing 25 papers, we have classified several tool-based preventative measures; these, together with some preventive advice associated with different types of attacks that occur in Social Media Networks, are provided in Table V.

TABLE V. PREVENTION MEASURES OF SOCIAL MEDIA ATTACKS

| Domain of Attack | Attack Category | Prevention Mechanisms |
|---|---|---|
| Classic | Malware Attack | Install updated antivirus. Pay close attention to a website’s URL. Malware detection methods based on anomaly and signature analysis. N-grams, API/system calls, assembly instructions, and hybrid features are examples of techniques |
| Classic | Phishing Attack | Do not give personal or financial information in response to unauthorized calls, emails, or visits. Use: CAPTCHA, digital certificates, genetic and attribute-based anti-phishing algorithms, and one-time passwords (OTP). Techniques: C4.5 Algorithm, IREP, and Neural Networks |
| Classic | Social networking infrastructure Attack (DDoS Attack) | Any DDoS attack attempt must be stopped by network security. Use: Continuous Monitoring (CM), DDoS-based detection, Decision tree algorithm, Bayesian theorem |
| Classic | Internet fraud | Biometrics, three-factor authentication, and identity theft protection tools like LifeLock. Techniques: Outlier detection, evolutionary algorithms, hidden Markov models, SD and CD algorithms, and logistic regression |
| Classic | XSS Attack | Fingerprinting, XSS-GUARD. Technique: Content security policy, Cross-site scripting detection |
| Classic | SQL injection | Filtering, Cloudflare website protection, Use HTTPS, Monitor SQL statements, Don’t use dynamic SQL, Encryption |
| Modern | Clickjacking | Use: FrameKiller, Confirmation, User Interface Randomization, Opaque overlay policy, Visibility detection on click, Browser based solutions |
| Modern | Social-bots | Social-bots detection approaches: Graph-based approaches, Machine learning approaches, NLP, Digital DNA-based approaches, etc. |
| Modern | Fake profiles | Fake Profile Recognizer (FPR). Software components used: User Identity Generator (UIG), Identity Profile Recognizer (IPR) |
| Modern | Location-information leakage | Disable the GPS on your smartphone. Till you return, keep your vacation photos and status private. Use web tools like tool.geoimgr.com to check whether a picture has geolocations and to get rid of them. Technique: SVM classifiers |
| Adolescent | Cyberbullying | Collect and document as much proof as you can. Block the cyberstalker and notify the authorities. Techniques: text mining, signature-based data mining[1], association rule mining, and rule-based JRip |
| Adolescent | Online grooming | Filtering out and rejecting unwanted calls and messages. Use: Digital forensics, end-to-end-encrypted applications |
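
Two of the Table V entries, content security policy for XSS and the browser-based solutions for clickjacking, are enforced through HTTP response headers and can be checked mechanically. The Python below is an added example, not code from the paper: the function names and sample headers are constructed, and it assumes the standard `Content-Security-Policy` and `X-Frame-Options` headers with one CSP header per response.

```python
# Added example (not from the paper): audit one HTTP response's headers for the
# browser-enforced defences Table V names for XSS and clickjacking.
# Assumption: a single Content-Security-Policy header per response.

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
ANY_ORIGIN = ("*", "http:", "https:")


def parse_csp(value):
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_headers(headers):
    """Return a list of findings (empty list = both defences in place)."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    csp = parse_csp(h.get("content-security-policy", ""))

    if not csp and "content-security-policy-report-only" in h:
        findings.append("csp: policy is report-only, nothing is enforced")

    # XSS: script-src falls back to default-src when absent.
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        findings.append("xss: no enforced CSP restricts script sources")
    else:
        # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
        pinned = any(s.startswith(HASH_OR_NONCE) for s in script_src)
        if "'unsafe-inline'" in script_src and not pinned:
            findings.append("xss: script-src allows 'unsafe-inline'")
        if any(s in ANY_ORIGIN for s in script_src):
            findings.append("xss: script-src allows scripts from any origin")

    # Clickjacking: frame-ancestors has no default-src fallback and, when
    # present, takes precedence over the older X-Frame-Options header.
    ancestors = csp.get("frame-ancestors")
    xfo = h.get("x-frame-options", "").strip().upper()
    if ancestors is not None:
        if any(s in ANY_ORIGIN for s in ancestors):
            findings.append("clickjacking: frame-ancestors allows any origin")
    elif xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("clickjacking: no framing restriction is set")
    return findings


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no-headers": {"Content-Type": "text/html"},
    "legacy": {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    },
    "overridden": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "script-src 'self'; frame-ancestors *",
    },
    "hardened": {
        "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-abc123'; frame-ancestors 'none'",
    },
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, audit_headers(headers) or "ok")
```

The "overridden" sample shows why both headers need checking together: a permissive `frame-ancestors` directive wins over a strict `X-Frame-Options` value.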

V. CONCLUSION

Social Media Networks have developed into the hub of the online community that links billions of diverse people for interpersonal contact. Since users may freely distribute content amongst friends and followers on this dynamic platform, hackers are seriously utilizing it for illegal purposes. In this study, numerous reasons for targeting Social Media users have been addressed, along with some suggestions for prevention. Despite all of these preventative measures, there are a lot of hackers using the platform. This study aims to better understand the various attack types linked to Social Media Networks and some of the available countermeasures. In the future, the authors intend to develop a security feature and design with the goal of raising end users’ awareness.

REFERENCES

[1] Muazzam Ahmed Siddiqui. Data mining methods for malware detection. University of Central Florida, 2008.
[2] Ubaid Ur Rehman et al. “On detection and prevention of clickjacking attack for osns”. In: 2013 11th International Conference on Frontiers of Information Technology. IEEE. 2013, pp. 160–165.
[3] Wu-Chen Su. “Integrating and mining virtual communities across multiple online social networks: Concepts, approaches and challenges”. In: 2014 Fourth International Conference on Digital Information and Communication Technology and its Applications (DICTAP). IEEE. 2014, pp. 199–204.
[4] Ian Brown. “Social media surveillance”. In: The international encyclopedia of digital communication and society (2015), pp. 1–7.
[5] G NaliniPriya and M Asswini. “A survey on vulnerable attacks in online social networks”. In: International conference on innovation information in computing technologies. IEEE. 2015, pp. 1–6.
[6] Dimitris Mitropoulos et al. “How to train your browser: Preventing XSS attacks using contextual script fingerprints”. In: ACM Transactions on Privacy and Security (TOPS) 19.1 (2016), pp. 1–31.
[7] M Milton Joe and B Ramakrishnan. “Novel authentication procedures for preventing unauthorized access in social networks”. In: Peer-to-Peer Networking and Applications 10.4 (2017), pp. 833–843.
[8] Ali M Meligy, Hani M Ibrahim, and Mohamed F Torky. “Identity verification mechanism for detecting fake profiles in online social networks”. In: Int. J. Comput. Netw. Inf. Secur. (IJCNIS) 9.1 (2017), pp. 31–39.
[9] A Praveena and S Smys. “Prevention of inference attacks for private information in social networking sites”. In: 2017 International Conference on Inventive Systems and Control (ICISC). IEEE. 2017, pp. 1–7.
[10] Akansha Priya and Er Meenakshi. “Detection of phishing websites using C4.5 data mining algorithm”. In: 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT). IEEE. 2017, pp. 1468–1472.
[11] Sanyuj Singh Gupta, Abha Thakral, and Tanupriya Choudhury. “Social media security analysis of threats and security measures”. In: 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE). IEEE. 2018, pp. 115–120.
[12] TR Soumya and S Revathy. “Survey on threats in online social media”. In: 2018 International Conference on Communication and Signal Processing (ICCSP). IEEE. 2018, pp. 0077–0081.
[13] Zhiyong Zhang and Brij B Gupta. “Social media security and trustworthiness: overview and new direction”. In: Future Generation Computer Systems 86 (2018), pp. 914–925.
[14] Rasim M Alguliyev, Ramiz M Aliguliyev, and Fargana J Abdullayeva. “Deep learning method for prediction of DDoS attacks on social media”. In: Advances in Data Science and Adaptive Analysis 11.01n02 (2019), p. 1950002.
[15] Hilal Almarabeh and Amjad Sulieman. “The impact of cyber threats on social networking sites.” In: International Journal of Advanced Research in Computer Science 10.2 (2019).
[16] Somya Ranjan Sahoo and Brij Bhooshan Gupta. “Classification of various attacks and their defence mechanism in online social networks: a survey”. In: Enterprise Information Systems 13.6 (2019), pp. 832–864.
[17] Fatima Salahdine and Naima Kaabouch. “Social engineering attacks: A survey”. In: Future Internet 11.4 (2019), p. 89.
[18] Tariq Rahim Soomro and Mumtaz Hussain. “Social Media-Related Cybercrimes and Techniques for Their Prevention.” In: Appl. Comput. Syst. 24.1 (2019), pp. 9–17.
[19] Hussain Aldawood and Geoffrey Skinner. “An advanced taxonomy for social engineering attacks”. In: International Journal of Computer Applications 177.30 (2020), pp. 1–11.
[20] Majd Latah. “Detection of malicious social bots: A survey and a refined taxonomy”. In: Expert Systems with Applications 151 (2020), p. 113383.
[21] Sarah Almalki et al. “Social Media Security and Attacks”. In: International Journal of Computer Science & Network Security 21.1 (2021), pp. 174–183.
[22] URL: https://www.searchenginejournal.com/social-media/biggest-social-media-sites/#close. (accessed: 10.12.2022).
[23] URL: https://datareportal.com/reports/tag/Simon+Kemp. (accessed: 20.12.2022).
[24] URL: https://phoenixnap.com/blog/prevent-ddos-attacks. (accessed: 24.11.2022).
[25] Srijan Sengupta, Michin Hong, and Tanushree Mitra. “Online Social Deception and Its Countermeasures: A Survey”. In: ().

Authorized licensed use limited to: Universitas Indonesia. Downloaded on August 04,2023 at 06:34:42 UTC from IEEE Xplore. Restrictions apply.
