Article
Publication date: 16 March 2012

Malcolm Pattinson, Cate Jerram, Kathryn Parsons, Agata McCormac and Marcus Butavicius

Abstract

Purpose

The purpose of this paper is to investigate the behavioural response of computer users when either phishing e‐mails or genuine e‐mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings.

Design/methodology/approach

This study was a scenario‐based role‐play experiment that involved the development of a web‐based questionnaire that was only accessible by invited participants when they attended a one‐hour, facilitated session in a computer laboratory.

Findings

The findings indicate that overall, genuine e‐mails were managed better than phishing e‐mails. However, informed participants managed phishing e‐mails better than not‐informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e‐mail.

Research limitations/implications

This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e‐mail users.

Practical implications

The outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems.

Originality/value

The literature review indicates that this paper addresses a genuine gap in the research.

Article
Publication date: 31 January 2024

Rufai Ahmad, Sotirios Terzis and Karen Renaud

Abstract

Purpose

This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing.

Design/methodology/approach

In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles and the URL construction techniques employed.

Findings

The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs.

Originality/value

The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 2 May 2023

Tianhao Xu and Prashanth Rajivan

Abstract

Purpose

Distinguishing phishing emails from legitimate emails continues to be a difficult task for most individuals. This study aims to investigate the psycholinguistic factors associated with deception in phishing email text and their effect on end-user ability to discriminate phishing emails from legitimate emails.

Design/methodology/approach

Email messages and end-user decisions collected from a laboratory phishing study were validated and analyzed using natural language processing methods (Linguistic Inquiry Word Count) and penalized regression models (LASSO and Elastic Net) to determine the linguistic dimensions that attackers may use in phishing emails to deceive end-users and measure the impact of such choices on end-user susceptibility to phishing.

Findings

We found that most participants, who played the role of a phisher in the study, chose to deceive their end-user targets by pretending to be a familiar individual and presenting time pressure or deadlines. Results show that use of words conveying certainty (e.g. always, never) and work-related features in the phishing messages predicted higher end-user vulnerability. On the contrary, use of words that convey achievement (e.g. earn, win) or reward (cash, money) in the phishing messages predicted lower end-user vulnerability because such features are usually observed in scam-like messages.

Practical implications

Insights from this research show that analyzing emails for psycholinguistic features associated with computer-mediated deception could be used to fine-tune and improve spam and phishing detection technologies. This research also informs the kinds of phishing attacks that must be prioritized in antiphishing training programs.

Originality/value

Applying natural language processing and statistical modeling methods to analyze results from a laboratory phishing experiment to understand deception from both attacker and end-user is novel. Furthermore, results from this work advance our understanding of the linguistic factors associated with deception in phishing email text and its impact on end-user susceptibility.

Details

Information & Computer Security, vol. 31 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 June 2015

Waldo Rocha Flores, Hannes Holm, Marcus Nohlberg and Mathias Ekstedt

Abstract

Purpose

The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations.

Design/methodology/approach

To measure potential determinants, a survey was distributed to 2,099 employees of nine organizations in Sweden, USA and India. Then, the authors conducted unannounced phishing exercises, in which a phishing attack targeted the same sample.

Findings

Intention to resist social engineering, general information security awareness, formal IS training and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in 6 out of 15 cases.

Research limitations/implications

The identified determinants had a significant positive correlation, even though not a strong one. This suggests that more work needs to be done to more fully understand the determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, differences based on culture might exist based on firm characteristics within a country. The Swedish sample dominates, while only 40 responses from Indian employees were collected. This unequal sample size suggests that conclusions based on the results of the cultural analysis should be drawn cautiously. A natural continuation of the research is therefore to further explore the generalizability of the findings by collecting data from other nations with cultures similar to those of Sweden, the USA and India.

Originality/value

Direct observation of employees’ security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses both these issues.

Details

Information & Computer Security, vol. 23 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 27 November 2020

Chaoqun Wang, Zhongyi Hu, Raymond Chiong, Yukun Bao and Jiang Wu

Abstract

Purpose

The aim of this study is to propose an efficient rule extraction and integration approach for identifying phishing websites. The proposed approach can elucidate patterns of phishing websites and identify them accurately.

Design/methodology/approach

Hyperlink indicators along with URL-based features are used to build the identification model. In the proposed approach, very simple rules are first extracted based on individual features to provide meaningful and easy-to-understand rules. Then, the F-measure score is used to select high-quality rules for identifying phishing websites. To construct a reliable and promising phishing website identification model, the selected rules are integrated using a simple neural network model.

Findings

Experiments conducted using self-collected and benchmark data sets show that the proposed approach outperforms 16 commonly used classifiers (including seven non–rule-based and four rule-based classifiers as well as five deep learning models) in terms of interpretability and identification performance.

Originality/value

Investigating patterns of phishing websites based on hyperlink indicators using the efficient rule-based approach is innovative. It is not only helpful for identifying phishing websites, but also beneficial for extracting simple and understandable rules.

Details

The Electronic Library, vol. 38 no. 5/6
Type: Research Article
ISSN: 0264-0473

Article
Publication date: 10 October 2016

Melanie Volkamer, Karen Renaud and Paul Gerber

Abstract

Purpose

Phishing is still a very popular and effective security threat, and it takes, on average, more than a day to detect new phish websites. Protection by purely technical means is hampered by this vulnerability window. During this window, users need to act to protect themselves. To support users in doing so, the paper proposes first making users aware of the need to consult the address bar, and then pruning the URL displayed in the address bar. The authors report on an evaluation of this proposal.

Design/methodology/approach

The paper opted for an online study with 411 participants, judging 16 websites – all with authentic design: half with legitimate and half with phish URLs. The authors applied four popular widely used types of URL manipulation techniques. The authors conducted a within-subject and between-subject study with participants randomly assigned to one of two groups (domain highlighting or pruning). The authors then tested both proposals using a repeated-measures multivariate analysis of variance.

Findings

The analysis shows a significant improvement in terms of phish detection after providing the hint to check the address bar. Furthermore, the analysis shows a significant improvement in terms of phish detection after the hint to check the address bar for uninitiated participants in the pruning group, as compared to those in the highlighting group.

Research limitations/implications

Because of the chosen research approach, the research results may lack generalisability. Therefore, researchers are encouraged to test the proposed propositions further.

Practical implications

This paper confirms the efficacy of URL pruning and of prompting users to consult the address bar for phish detection.

Originality/value

This paper introduces a classification for URL manipulation techniques used by phishers. We also provide evidence that drawing people’s attention to the address bar makes them more likely to spot phish websites, but does not impair their ability to identify authentic websites.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 August 2021

Piers Bayl-Smith, Ronnie Taib, Kun Yu and Mark Wiggins

Abstract

Purpose

This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context.

Design/methodology/approach

In a simulated field trial conducted in a financial institute, via PhishMe, employees were randomly sent one of five possible emails using a set persuasion strategy. Participants were then invited to complete an online survey to identify possible protective factors associated with clicking and reporting behavior (N = 2,918). The items of interest included perceived threat severity, threat susceptibility, response efficacy and personal efficacy.

Findings

The results indicate that response behaviors vary significantly across different persuasion strategies. Perceptions of threat susceptibility increased the likelihood of reporting behavior beyond clicking behavior. Threat susceptibility and organizational response efficacy were also associated with increased odds of not responding to the simulated phishing email attack.

Practical implications

This study again highlights human susceptibility to phishing attacks in the presence of social engineering strategies. The results suggest heightened awareness of phishing threats and responsibility to personal cybersecurity are key to ensuring secure business environments.

Originality/value

The authors extend existing phishing literature by investigating not only click-through behavior, but also no-response and reporting behaviors. Furthermore, the authors observed the relative effectiveness of persuasion strategies used in phishing emails as they compete to manipulate unsafe email behavior.

Details

Information & Computer Security, vol. 30 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 25 November 2013

Daejoong Kim and Jang Hyun Kim

Abstract

Purpose

The purpose of this paper is to provide an in-depth content analysis of phishing messages and to enhance understanding of them from a persuasive communication perspective.

Design/methodology/approach

This study analysed phishing message content in a persuasion mechanism framework including message presentation and content (rational appeal, emotional appeal, reasoning type). It also used semantic network analysis to identify meaning structure.

Findings

The results indicate that phishing messages used logical appeals, reasoning from cause, motivational appeals, appealing to safety needs, and emotional appeals to gain compliance. Semantic network analysis showed that two word clusters represent security and privacy.

Research limitations/implications

This study applied modern persuasion and deceptive communication theories to interpret phishing e-mails. The findings enhance relevant theories by including phishing e-mail cases.

Practical implications

The results of this study can be utilised for developing phishing prevention techniques and phishing detection software.

Originality/value

Past phishing detection studies only used a technological approach, whereas the current study provides a more comprehensive content-oriented and persuasion theory-based understanding of phishing messages.

Details

Online Information Review, vol. 37 no. 6
Type: Research Article
ISSN: 1468-4527

Article
Publication date: 12 October 2015

André Lötter and Lynn Futcher

Abstract

Purpose

The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user’s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface.

Design/methodology/approach

A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security.

Findings

This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks.

Research limitations/implications

Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user’s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). This would make the framework more dynamic in that it could then address all forms of phishing attacks.

Practical implications

The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks.

Originality/value

This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 8 November 2011

Mariam Al‐Hamar, Ray Dawson and Jassim Al‐Hamar

Abstract

Purpose

This paper seeks to focus on identifying the need for education to enhance awareness of the e‐mail phishing threat as the most effective way to reduce the risk of e‐mail phishing in one of the fastest growing economies in the world, the State of Qatar.

Design/methodology/approach

A survey comprising a questionnaire and interviews was used to investigate the awareness of phishing among Qatari citizens, their susceptibility to phishing and their views on the best method of defence against this attack, and this was compared to other developed nations, the UK in particular.

Findings

The paper concludes that phishing is becoming common and very successful because of people's susceptibility to such attacks, largely due to insufficient awareness of the threat. Comparing Qatar with the UK, there were significant differences between responses in each country in most questionnaire variables, especially those identifying vulnerability to phishing, which was found to be very high in Qatar.

Research limitations/implications

The paper shows that there is a particular need for education on phishing in this fast‐developing country.

Practical implications

There is a growing threat in the use of phishing by hackers and some businesses to obtain information on individual users on the internet through e‐mail or the web. In some cases this has led to identity theft and related illegal operations online, both within and across countries. This paper has compared the level of awareness of phishing in two countries and has the potential to shed light on attitudes and the present status of e‐mail phishing, with a view to developing ways of dealing with it and improving cyber security and international operations.

Originality/value

The paper adopts an innovative approach to study e‐mail phishing and compares results from two diverse countries. New ideas are advanced from the findings which are useful for understanding some operations in cyber space.

Details

Campus-Wide Information Systems, vol. 28 no. 5
Type: Research Article
ISSN: 1065-0741
