Platforms as phish farms: Deceptive social engineering at scale

Phishing is a method of social engineering—it attempts to influence behavior and/or beliefs—in which a party either “imitates a trusted source” (Felix & Hauck, 1987) or induces another party to trust or place more or a different kind of trust in it. I argue that by their very nature, social platforms such as Facebook, Twitter, and others are large-scale phishing operations designed to collect information about users surreptitiously. Although providing terms of service and privacy policies, an individual has no way of knowing the extent of the platform’s personal data collection. This article reconsiders platforms as organizational phishing, and just as harmful as that done by hackers or others seeking unjust enrichment. To do this, this article identifies the significant elements of platform phishing by examining the descriptions of platform conduct provided in regulatory actions taken by the US Federal Trade Commission.