Search results
1 – 10 of 294
Malcolm Pattinson, Cate Jerram, Kathryn Parsons, Agata McCormac and Marcus Butavicius
Abstract
Purpose
The purpose of this paper is to investigate the behaviour response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings.
Design/methodology/approach
This study was a scenario‐based role‐play experiment that involved the development of a web‐based questionnaire that was only accessible by invited participants when they attended a one‐hour, facilitated session in a computer laboratory.
Findings
The findings indicate that overall, genuine e‐mails were managed better than phishing e‐mails. However, informed participants managed phishing e‐mails better than not‐informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e‐mail.
Research limitations/implications
This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e‐mail users.
Practical implications
The outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems.
Originality/value
The literature review indicates that this paper addresses a genuine gap in the research.
Mariam Al‐Hamar, Ray Dawson and Jassim Al‐Hamar
Abstract
Purpose
This paper seeks to focus on identifying the need for education to enhance awareness of the e‐mail phishing threat as the most effective way to reduce the risk of e‐mail phishing in one of the fastest growing economies in the world, the State of Qatar.
Design/methodology/approach
A survey comprising a questionnaire and interviews was used to investigate the awareness of phishing among Qatari citizens, their susceptibility to phishing and their views on the best method of defence against this attack, and this was compared to other developed nations, the UK in particular.
Findings
The paper concludes that phishing is becoming common and very successful because of people's susceptibility to such attack, largely due to insufficient awareness of the threat. Comparing Qatar with the UK, there were significant differences between responses in each country in most questionnaire variables, especially those identifying the vulnerability to phishing which was found to be very high in Qatar.
Research limitations/implications
The paper shows that there is a particular need for education on phishing in this fast developing country.
Practical implications
There is a growing threat in the use of phishing by hackers and some businesses to obtain information on individual users on the internet through e‐mail or the web. In some cases this has led to identity thefts and related illogical operations online both within and across countries. This paper has compared the level of awareness of phishing in two countries and has the potential to shed light on attitudes and the present status of e‐mail phishing with a view to developing ways of dealing with it and improving cyber security and international operations.
Originality/value
The paper adopts an innovative approach to study e‐mail phishing and compares results from two diverse countries. New ideas are advanced from the findings which are useful for understanding some operations in cyber space.
Brynne Harrison, Elena Svetieva and Arun Vishwanath
Abstract
Purpose
The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails.
Design/methodology/approach
A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack.
Findings
Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack.
Research limitations/implications
The findings are generalizable to students who are a particularly vulnerable target of phishing attacks.
Practical implications
The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud.
Originality/value
This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well as the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.
Oluyinka Aderemi Adewumi and Ayobami Andronicus Akinyelu
Abstract
Purpose
Phishing is one of the major challenges faced by the world of e-commerce today. Thanks to phishing attacks, billions of dollars have been lost by many companies and individuals. The global impact of phishing attacks will continue to be on the increase and thus a more efficient phishing detection technique is required. The purpose of this paper is to investigate and report the use of a nature-inspired, machine learning (ML)-based approach in classification of phishing e-mails.
Design/methodology/approach
ML-based techniques have been shown to be efficient in detecting phishing attacks. In this paper, firefly algorithm (FFA) was integrated with support vector machine (SVM) with the primary aim of developing an improved phishing e-mail classifier (known as FFA_SVM), capable of accurately detecting new phishing patterns as they occur. From a data set consisting of 4,000 phishing and ham e-mails, a set of features, suitable for phishing e-mail detection, was extracted and used to construct the hybrid classifier.
Findings
The FFA_SVM was applied to a data set consisting of up to 4,000 phishing and ham e-mails. Simulation experiments were performed to evaluate and compare the performance of the classifier. The tests yielded a classification accuracy of 99.94 percent, false positive rate of 0.06 percent and false negative rate of 0.04 percent.
Originality/value
The hybrid algorithm has not previously been applied, as in this work, to the classification and detection of phishing e-mail, to the best of the authors’ knowledge.
Abstract
Purpose
Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literature and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.
Design/methodology/approach
This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.
Findings
The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.
Originality/value
Educating internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also, there is a need to find out the factors which influence internet users' ability to correctly identify phishing websites.
Daejoong Kim and Jang Hyun Kim
Abstract
Purpose
The purpose of this paper is to provide an in-depth content analysis of phishing messages and to enhance understanding of them from a persuasive communication perspective.
Design/methodology/approach
This study analysed phishing message content in a persuasion mechanism framework including message presentation and content (rational appeal, emotional appeal, reasoning type). It also used semantic network analysis to identify meaning structure.
Findings
The results indicate that phishing messages used logical appeals, reasoning from cause, motivational appeals, appealing to safety needs, and emotional appeals to gain compliance. Semantic network analysis showed that two word clusters represent security and privacy.
Research limitations/implications
This study applied modern persuasion and deceptive communication theories to interpret phishing e-mails. The findings enhance relevant theories by including phishing e-mail cases.
Practical implications
The results of this study can be utilised for developing phishing prevention techniques and phishing detection software.
Originality/value
Past phishing detection studies only used a technological approach, whereas the current study provides a more comprehensive content-oriented and persuasion theory-based understanding of phishing messages.
Abstract
Purpose
The purpose of this paper is to educate the internet consumer, who may be a potential phishing victim, and to suggest a framework of anti‐phishing measures, following the staggering increase in the number of recent phishing attacks. Phishing describes a method of online identity theft, in which phishers typically pose as legitimate organisations when sending deceptive e‐mail messages to internet users. When they respond to such e‐mails, victims are lured to malicious web sites, where they are duped into disclosing their personal details. In this way, phishers are able to commit identity theft, with possibly devastating consequences for the victim.
Design/methodology/approach
After a literature review of the available sources, the phishing threat is investigated by analysing the modus operandi of phishers and the basic components of a typical phishing scheme. A possible solution for the phishing problem is examined.
Findings
Phishers continually target the weakest link in the security chain, namely consumers, in their attacks. Educating the online consumer about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against e‐mail phishing attacks.
Originality/value
This article proposes measures that internet consumers can take to ward off phishing attacks, as well as remedial actions that they can take after falling victim to such an attack. By implementing these measures online, consumers can minimise the risk of becoming victims of successful phishing attacks, as well as remedy the negative effects of any past disclosure of information to phishers.
Sanchari Das, Christena Nippert-Eng and L. Jean Camp
Abstract
Purpose
Phishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data breaches and subsequent financial losses. To study the user side, this paper aims to conduct a literature review and user study.
Design/methodology/approach
To investigate phishing attacks, the authors provide a detailed overview of previous research on phishing techniques by conducting a systematic literature review of n = 367 peer-reviewed academic papers published in ACM Digital Library. Also, the authors report on an evaluation of a high school community. The authors engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research using signal detection theory (SDT).
Findings
Through the literature review which goes back to as early as 2004, the authors found that only 13.9% of papers focused on user studies. In the user study, through scenario-based analysis, participants were tasked with distinguishing phishing e-mails from authentic e-mails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background.
Originality/value
The authors conducted a literature review with a focus on user study, which is a first in this field as far as the authors know. Additionally, the authors conducted a detailed user study with high school students and faculty using SDT, which is also an understudied area and population.
Abstract
Purpose
Phishing remains a major cybersecurity problem. Mainly adopting variance approaches, researchers have suggested several recommendations to help users avoid being victimized in phishing attacks. However, the evidence suggests that anti-phishing recommendations are not very effective. The purpose of this paper is threefold: first, to analyze why the existing anti-phishing recommendations may not be very effective; second, to propose stage theorizing as an additional approach for studying phishing that can contribute toward more effective recommendations; and third, to demonstrate using a stage theory, how IS researchers can utilize the concept of stages in phishing research.
Design/methodology/approach
The study draws on findings from previous empirical phishing research to assess whether the reasons why people are victimized in phishing attacks can be categorized into stages. The criteria for stages of the Transtheoretical Model (TTM) are used as an example.
Findings
Analysis indicates support for the existence of stages of phishing victims. The criteria for stages of the TTM were applied to the reasons that subjects in previous studies gave for clicking on phishing links and to the anti-phishing recommendations proposed in previous studies. There was overall support for four of the five criteria of the TTM. The results from the current study indicate that a targeted approach is a better approach to proposing anti-phishing recommendations.
Practical implications
The analysis identified the stages of phishing victims and the processes of change for each stage. It is suggested that recommendations against phishing should target individuals based on their resident stages. Moreover, the processes of change should be applied to the correct stage for the recommendations to be effective.
Originality/value
From a phishing perspective, there is a lack of research based on stage theorizing. The current study presents stage theorizing as an additional approach to the existing approaches and demonstrates how a stage theory can be used to make more effective recommendations against phishing. The study has thrown light on the benefits of stage theorizing and how its approach to targeted recommendations can be useful in IS security research.
Arshey M. and Angel Viji K. S.
Abstract
Purpose
Phishing is a serious cybersecurity problem, which is widely available through multimedia, such as e-mail and Short Messaging Service (SMS) to collect the personal information of the individual. However, the rapid growth of the unsolicited and unwanted information needs to be addressed, raising the necessity of the technology to develop any effective anti-phishing methods.
Design/methodology/approach
The primary intention of this research is to design and develop an approach for preventing phishing by proposing an optimization algorithm. The proposed approach involves four steps, namely preprocessing, feature extraction, feature selection and classification, for dealing with phishing e-mails. Initially, the input data set is subjected to preprocessing, which performs stop-word removal and stemming on the data, and the preprocessed output is given to the feature extraction process. By extracting keyword frequency from the preprocessed data, the important words are selected as the features. Then, the feature selection process is carried out using the Bhattacharyya distance such that only the significant features that can aid the classification are selected. Using the selected features, the classification is done using the deep belief network (DBN) that is trained using the proposed fractional-earthworm optimization algorithm (EWA). The proposed fractional-EWA is designed by the integration of EWA and fractional calculus to determine the weights in the DBN optimally.
Findings
The accuracy of the methods, naive Bayes (NB), DBN, neural network (NN), EWA-DBN and fractional EWA-DBN is 0.5333, 0.5455, 0.5556, 0.5714 and 0.8571, respectively. The sensitivity of the methods, NB, DBN, NN, EWA-DBN and fractional EWA-DBN is 0.4558, 0.5631, 0.7035, 0.7045 and 0.8182, respectively. Likewise, the specificity of the methods, NB, DBN, NN, EWA-DBN and fractional EWA-DBN is 0.5052, 0.5631, 0.7028, 0.7040 and 0.8800, respectively. It is clear from the comparative table that the proposed method acquired the maximal accuracy, sensitivity and specificity compared with the existing methods.
Originality/value
The e-mail phishing detection is performed in this paper using the optimization-based deep learning networks. The e-mails include a number of unwanted messages that are to be detected in order to avoid the storage issues. The importance of the method is that the inclusion of the historical data in the detection process enhances the accuracy of detection.