A Study of University Students' Social Media Account Security Against Social Engineering-Based Phishing Attacks
DOI: https://doi.org/10.62671/jikum.v2i2.194
Abstract
The massive use of social media among university students provides convenience in communication, information exchange, and academic activities. However, this condition also increases the risk of cybercrime, particularly phishing attacks based on social engineering. Phishing exploits psychological manipulation to deceive victims into revealing sensitive information such as passwords, OTP codes, and personal data. This study aims to analyze students’ awareness of social media account security, identify common forms of phishing attacks experienced, and determine factors contributing to students’ vulnerability. This research employs a quantitative descriptive method by distributing online questionnaires to active university students. The collected data were analyzed using descriptive statistics to identify behavioral patterns and security awareness levels. The results indicate that most students have moderate to low digital security awareness, reflected in password reuse across platforms and low adoption of two-factor authentication. Furthermore, most respondents have encountered phishing messages in the form of fake links, prize scams, and account verification requests. The main vulnerability factors include limited cybersecurity literacy, high levels of trust, and lack of information verification. This study highlights the importance of digital security education and improved cybersecurity literacy among students to reduce the risk of social engineering-based phishing attacks.



