Search results

1 – 10 of 47
Article
Publication date: 23 November 2012

Swapan Purkait

Abstract

Purpose

Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.

Design/methodology/approach

This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.

Findings

The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.

Originality/value

Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet user's ability to correctly identify phishing websites.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 28 April 2020

Cassandra Cross and Rosalie Gillett

Abstract

Purpose

This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.

Design/methodology/approach

This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.

Findings

This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.

Research limitations/implications

This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.

Practical implications

This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.

Social implications

Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.

Originality/value

Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.

Details

Journal of Financial Crime, vol. 27 no. 3
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 14 March 2008

S.E. Kruck, Faye Teer and William A. Christian

Abstract

Purpose

The purpose of this paper is to describe a new software tool that graphically depicts analysis of visitor traffic. This new tool is the graph‐based server log analysis program (GSLAP).

Design/methodology/approach

Discovering hidden and meaningful information about web users' patterns of usage is critical to optimization of the web server. The authors designed and developed GSLAP. Presented in this paper is an example of GSLAP in the context of an analysis of the web site of a small fictitious company. Also included is an explanation of current literature that supports graphical display of data as a cognitive aid to understanding data.

Findings

GSLAP is shown to provide a visual server log analysis that is a great improvement on the textual server log.

Research limitations/implications

The benefits of the output from GSLAP are compared with the typical textual output.

Originality/value

The paper describes a software tool that helps the analysis of usage patterns of web traffic.

Details

Industrial Management & Data Systems, vol. 108 no. 2
Type: Research Article
ISSN: 0263-5577

Article
Publication date: 1 May 2002

S.E. Kruck, Danny Gottovi, Farideh Moghadami, Ralph Broom and Karen A. Forcht

Abstract

The rapid advance of technology has permitted the creation of vast amounts of information, both on and off the Internet. The public is only just beginning to realize how this information, especially personal information, may be used in ways that may not be acceptable. Laws across different countries are often conflicting, making it difficult to control how personal information is being used and how individual privacy is being violated. The solution to this problem lies somewhere between government, industry, and the individual. This paper discusses the current state of personal privacy in each of these three areas.

Details

Information Management & Computer Security, vol. 10 no. 2
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 8 July 2014

Swapan Purkait, Sadhan Kumar De and Damodar Suar

Abstract

Purpose

The aim of this study is to report on the results of an empirical investigation of the various factors which have significant impacts on the Internet user’s ability to correctly identify a phishing website.

Design/methodology/approach

The research participants were Internet users who have had at least some experience of financial transactions over the Internet. This study conducted a quantitative research with the help of a structured survey questionnaire along with three experimental tasks. A total of 621 valid samples were collected and the multiple regression analysis technique was used to deduce the answers to the research question.

Findings

The results show that the model is useful and has explanatory power. And adjusted R² computed as 0.927, means that 92.7 per cent of the variations in the Internet user’s ability to identify phishing website can be explained by the predictors selected for the model.

Research limitations/implications

Future research should account for the Internet user’s general security practices and behaviour, attitude towards online financial activity, risk-taking ability or risk behaviour and their potential effects on Internet users' ability to identify a phishing website.

Practical implications

The implications of this study provide the foundation for future research on the areas that intend to explain the Internet user’s necessity to take protection or avoid risky behaviour while performing financial transaction over the Internet.

Originality/value

This study provides the body of knowledge with an empirical analysis of impact of various factors on an Internet user’s ability to identify phishing websites. The results of this study can help practitioners create a more successful research model and help researchers better understand user behaviour on the Internet.

Details

Information Management & Computer Security, vol. 22 no. 3
Type: Research Article
ISSN: 0968-5227

Open Access
Article
Publication date: 15 October 2021

Luka Tomat, Peter Trkman and Anton Manfreda

Abstract

Purpose

The importance of information systems (IS) professions is increasing. As personality–job fit theory claims, employees must have suitable personality traits for particular IS professions. However, candidates can try to fake-good on personality tests towards the desired personality type. Thus, the purpose of this study is to identify archetypal IS professions, their associated personality types and examine the reliability of the Myers–Briggs Type Indicator (MBTI) personality test in IS recruitment decisions.

Design/methodology/approach

The authors reviewed academic literature related to IS professions to identify job archetypes and personality traits for IS professions. Then, the authors conducted an experiment with 452 participants to investigate whether candidates can fake-good on personality tests when being tested for a particular IS profession.

Findings

The identified job archetypes were IS project manager, IS marketing specialist, IS consultant, IS security specialist, data scientist and business process analyst. The experimental results show that the participants were not able to fake-good considerably regarding their personality traits for a particular archetype.

Research limitations/implications

The taxonomy of IS professions should be validated further. The experiment was executed in an educational organisation and not in a real-life environment. Actual work performance was not measured.

Practical implications

This study enables a better identification of suitable candidates for a particular IS profession. Personality tests are good indicators of the candidate's true personality type but must be properly interpreted.

Originality/value

This study enhances the existing body of knowledge on IS professions' archetypes, proposes suitable MBTI personality types for each profession and provides experimental support for the appropriateness of using personality tests to identify potentially suitable candidates.

Details

Information Technology & People, vol. 35 no. 8
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 30 July 2018

Satoshi Sugahara and Steven Dellaportas

Abstract

Purpose

The purpose of this study is to investigate the effect of an accounting education pedagogy incorporating active learning approaches designed to engage first-year undergraduate business students and to aspire them to continue accounting as their academic major and entry into the accounting profession.

Design/methodology/approach

Data were collected from a questionnaire with a pre-/post-test design of 24 undergraduate business students enrolled in a course titled Accounting Active Learning Seminar (AALS) (test group) and 33 students who did not participate in the AALS (control group). The AALS incorporates various types of active learning methods designed by the authors to inspire students to continue with accounting as a career choice.

Findings

The findings show that participation in the AALS improved student’s motivation in accounting education and the likelihood of choosing accounting as their academic major. The active learning methods implemented in the AALS were effective in improving students’ confidence, of which degree contributed to students’ stronger works aspiration towards accounting professions. Further it was found that students who did not participate in the AALS tended to have lower attention dimensions of motivation, which was also significantly associated with lower percentage of students’ choice of academic major in accounting.

Originality/value

This is one of the few studies to empirically examine active learning on student engagement and performance with a focus on accounting. While the evidence shows that active learning has pedagogical benefits, the full potential of active learning is more likely to be realized when accounting educators design active learning carefully to address the “attention” and “confidence” attributes.

Details

Meditari Accountancy Research, vol. 26 no. 4
Type: Research Article
ISSN: 2049-372X

Article
Publication date: 20 November 2009

Princely Ifinedo

Abstract

Purpose

The purpose of this paper is to add a layer of understanding to a previous survey of information technology (IT) security concerns and issues in global financial services institutions (GFSI).

Design/methodology/approach

This paper uses data obtained from a secondary source. The dimensions of national culture used in this paper come from Hofstede's work. Two analyses are performed on the data. First, a non‐parametric test is conducted to determine whether there are significant differences on the 13 IT security concerns when the dimensions of national culture are used to group responses. Second, a correlation analysis is carried out between the study's variables.

Findings

First, the results indicate that the dimensions of national culture are not statistically important in differentiating responses and perceptions of IT security concerns across GFSI. Second, some of the dimensions of national culture are found to have significant correlations with a few of the IT security concerns investigated.

Research limitations/implications

The use of a secondary data source introduces some limitations. The views captured in the survey are those of management team, it is likely that end‐users' perceptions may vary considerably. Nonetheless, the main finding of the paper for corporate managers in the financial services industry is that IT security concerns appear to be uniform across cultures. Further, the data show that the dimension of uncertainty avoidance deserves further attention with regard to the assessment of security concerns in GFSI. This information may be useful for decision making and planning purposes in the financial services industry.

Originality/value

This paper is believed to be among the first to examine the impacts of national culture on IT security concerns in GFSI. The paper's conclusions may offer useful insights to corporate managers in the industry.

Details

Information Management & Computer Security, vol. 17 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 2 October 2007

Luis V. Casaló, Carlos Flavián and Miguel Guinalíu

Abstract

Purpose

The purpose of this research is to analyse the influence of perceived web site security and privacy, usability and reputation on consumer trust in the context of online banking. Moreover, the paper also aims to analyse the trust‐commitment relationship since commitment is a key variable for establishing successful long‐term relationships with customers.

Design/methodology/approach

The paper describes the positive effects of security and privacy, usability and reputation on consumer trust in a web site in the online banking context. Besides this, it also suggests that trust has a positive effect on consumer commitment. After the validation of measurement scales, the hypotheses are contrasted through structural modelling. Finally, the paper compares the hypothesised model with a rival one in order to test the mediating role of trust.

Findings

The data showed that web site security and privacy, usability and reputation have a direct and significant effect on consumer trust in a financial services web site. Besides this, consumer trust is positively related to relationship commitment. Finally, it is observed that trust is a key mediating factor in the development of relationship commitment in the online banking context.

Research implications/limitations

The high costs every company has to face in order to attract new customers make it increasingly necessary to reinforce the ties established with customers. In this respect, this research offers several alternatives for improving the levels of consumer trust and commitment in the context of online banking. The limitation is that data were collected to a web survey only of Spanish‐speaking subjects.

Originality/value

This study proposes a model for analysing empirically the link between security, privacy and trust, amongst others, in the online banking context.

Details

Online Information Review, vol. 31 no. 5
Type: Research Article
ISSN: 1468-4527

Article
Publication date: 1 June 2006

Carlos Flavián and Miguel Guinalíu

Abstract

Purpose

The purpose of this paper is to analyze the effect of privacy and perceived security on the level of trust shown by the consumer in the internet. It also aims to reveal and test the close relationship between the trust in a web site and the degree of loyalty to it.

Design/methodology/approach

First, there is an explanation of the main attributes of the concepts examined, with special attention being paid to the multi‐dimensional nature of the variables and the relationships between them. This is followed by an examination of the validation processes of the measuring instruments.

Findings

Specifically, the study reveals that an individual's loyalty to a web site is closely linked to the levels of trust. Thus, the development of trust not only affects the intention to buy, as shown by previous researchers, but it also directly affects the effective purchasing behavior, in terms of preference, cost and frequency of visits, and therefore, the level of profitability provided by each consumer. In addition, the analyses show that trust in the internet is particularly influenced by the security perceived by consumers regarding the handling of their private data.

Practical implications

The results of this study provide several managerial implications for companies in this sector. Suggestions are offered for national and international organizations involved in regulating these markets.

Originality/value

The results of this research remedy, to a certain extent, the scarcity of empirical studies that have designed and validated measuring scales for the concepts of privacy, security, trust and loyalty to the internet, as well as testing the relationships between them.

Details

Industrial Management & Data Systems, vol. 106 no. 5
Type: Research Article
ISSN: 0263-5577
