Affiliations
Muhammad Fadilah Alfarizy
School of Computing, Awang Had Salleh Graduate School College of Arts and Sciences, Universiti Utara Malaysia (UUM), 06010 Kedah, MALAYSIA
Mohamad Fadli Bin Zolkipli
School of Computing, Awang Had Salleh Graduate School College of Arts and Sciences, Universiti Utara Malaysia (UUM), 06010 Kedah, MALAYSIA
How to Cite
Phishing Attacks and Credential Theft on Social Media Platforms: A Review of Recent Trends, Case Studies, and Mitigation Insights
Vol 8 No 4 (2025): December
Submitted: Nov 19, 2025
Published: Nov 30, 2025
Abstract
Social media platforms have transformed communication, work collaboration, and online identity expression, yet they have simultaneously become fertile ground for phishing attacks designed to steal user credentials and compromise privacy. This study reviews current research, industry reports, and empirical findings to examine how phishing functions within social media ecosystems. Using a qualitative literature review, the study identifies dominant attack vectors such as impersonation, direct-message phishing, and credential-harvesting links. Findings show that user behaviour such as oversharing, impulsive clicking, and trust bias plays a larger role in attack success than technical vulnerabilities. While protective measures like multi-factor authentication and automated detection algorithms exist, their effectiveness is constrained by inconsistent user adoption and platform governance. This study argues for integrated mitigation involving behavioural awareness, platform-level enforcement, and adaptive technological measures. The insights aim to support organisations, policymakers, and platform providers in improving user resilience and reducing phishing-driven credential theft.