Search results

1 – 10 of 174
Article
Publication date: 23 November 2012

Swapan Purkait

Abstract

Purpose

Phishing is essentially a social engineering crime on the Web, whose rampant occurrence and advancing techniques pose big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literature and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that still prevails in this field of study.

Design/methodology/approach

This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.

Findings

The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target the innocent consumers, who happen to be the weakest link in the security chain, and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.

Originality/value

Educating internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. There is also a need to find out the factors which influence internet users' ability to correctly identify phishing websites.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 8 July 2014

Swapan Purkait, Sadhan Kumar De and Damodar Suar

Abstract

Purpose

The aim of this study is to report on the results of an empirical investigation of the various factors which have significant impacts on the Internet user’s ability to correctly identify a phishing website.

Design/methodology/approach

The research participants were Internet users who have had at least some experience of financial transactions over the Internet. This study conducted quantitative research with the help of a structured survey questionnaire along with three experimental tasks. A total of 621 valid samples were collected and the multiple regression analysis technique was used to deduce the answers to the research question.

Findings

The results show that the model is useful and has explanatory power. The adjusted R² was computed as 0.927, which means that 92.7 per cent of the variation in the Internet user’s ability to identify a phishing website can be explained by the predictors selected for the model.

Research limitations/implications

Future research should account for the Internet user’s general security practices and behaviour, attitude towards online financial activity, risk-taking ability or risk behaviour and their potential effects on Internet users' ability to identify a phishing website.

Practical implications

The implications of this study provide the foundation for future research on the areas that intend to explain the Internet user’s necessity to take protection or avoid risky behaviour while performing financial transactions over the Internet.

Originality/value

This study provides the body of knowledge with an empirical analysis of impact of various factors on an Internet user’s ability to identify phishing websites. The results of this study can help practitioners create a more successful research model and help researchers better understand user behaviour on the Internet.

Details

Information Management & Computer Security, vol. 22 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 3 August 2021

Suganthi Manoharan, Norliza Katuk, Syahida Hassan and Rahayu Ahmad

Abstract

Purpose

Despite internet banking’s popularity, there is a rise in phishing attacks related to online banking transactions. Phishing attacks involve sending out emails that impersonate valid banking institutions to their customers and demand confidential data such as credentials and transaction authorisation codes. The purpose of this paper is to propose a theoretical model of individual and technological factors influencing Malaysian internet banking users’ intention in responding to malicious uniform resource locators (URLs) in phishing email content.

Design/methodology/approach

It applied the protective motivation theory, the theories of reasoned action and planned behaviour, the habit theory and the trust theory to examine the factors influencing internet banking users’ intention to click URLs in phishing emails. The study identifies individual and technological factors with ten hypotheses. A total of 368 Malaysian respondents voluntarily participated in an online survey conducted in the first week of March 2021. The partial least squares method provided in SmartPLS-3 was used to model the data.

Findings

The results revealed that individual factors, namely, internet banking experience, understanding the phishing meaning, response cost, trust and perceived ability were the significant influencing factors of internet banking users’ intention to click the link in phishing emails. This study also suggested that technological factors were not relevant in describing the behavioural intention of internet banking users in clicking the links in phishing emails.

Social implications

The findings could contribute to Malaysian banking sectors and relevant government agencies in educating and increasing internet banking users’ awareness towards phishing emails.

Originality/value

The outcomes demonstrated the individual factors that influenced internet banking users’ intention in responding to phishing emails that are specific and relevant to Malaysia’s context.

Details

Information & Computer Security, vol. 30 no. 1
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 13 July 2015

Swapan Purkait

Abstract

Purpose

This paper aims to report on research that tests the effectiveness of anti-phishing tools in detecting phishing attacks by conducting some real-time experiments using freshly hosted phishing sites. Almost all modern-day Web browsers and antivirus programs provide security indicators to mitigate the widespread problem of phishing on the Internet.

Design/methodology/approach

The current work examines and evaluates the effectiveness of five popular Web browsers, two third-party phishing toolbar add-ons and seven popular antivirus programs in terms of their capability to detect locally hosted spoofed websites. The same tools have also been tested against fresh phishing sites hosted on the Internet.

Findings

The experiments yielded alarming results. Although the success rate against live phishing sites was encouraging, only 3 of the 14 tools tested could successfully detect a single spoofed website hosted locally.

Originality/value

This work proposes the inclusion of domain name system server authentication and verification of name servers for a visiting website for all future anti-phishing toolbars. It also proposes that a Web browser should maintain a white list of websites that engage in online monetary transactions so that when a user needs to access any of these, the default protocol should always be HTTPS (Hypertext Transfer Protocol Secure), without which a Web browser should prevent the page from loading.

Details

Information & Computer Security, vol. 23 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 31 January 2024

Rufai Ahmad, Sotirios Terzis and Karen Renaud

Abstract

Purpose

This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing.

Design/methodology/approach

In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed.

Findings

The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs.

Originality/value

The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 27 November 2020

Chaoqun Wang, Zhongyi Hu, Raymond Chiong, Yukun Bao and Jiang Wu

Abstract

Purpose

The aim of this study is to propose an efficient rule extraction and integration approach for identifying phishing websites. The proposed approach can elucidate patterns of phishing websites and identify them accurately.

Design/methodology/approach

Hyperlink indicators along with URL-based features are used to build the identification model. In the proposed approach, very simple rules are first extracted based on individual features to provide meaningful and easy-to-understand rules. Then, the F-measure score is used to select high-quality rules for identifying phishing websites. To construct a reliable and promising phishing website identification model, the selected rules are integrated using a simple neural network model.

Findings

Experiments conducted using self-collected and benchmark data sets show that the proposed approach outperforms 16 commonly used classifiers (including seven non–rule-based and four rule-based classifiers as well as five deep learning models) in terms of interpretability and identification performance.

Originality/value

Investigating patterns of phishing websites based on hyperlink indicators using the efficient rule-based approach is innovative. It is not only helpful for identifying phishing websites, but also beneficial for extracting simple and understandable rules.

Details

The Electronic Library, vol. 38 no. 5/6
Type: Research Article
ISSN: 0264-0473

Article
Publication date: 8 June 2015

Yung-Shen Yen

Abstract

Purpose

This paper aims to explore how perceived risk affects customer loyalty in e-commerce and how switching costs mediate in the relationship between perceived risk and customer loyalty.

Design/methodology/approach

In this paper, structural equation modeling was conducted, and data on Internet shopping habits of 382 consumers in Taiwan were examined.

Findings

The findings of this study revealed that lowering perceived risks can increase switching costs, which leads to customer loyalty with the service provider in e-commerce.

Research limitations/implications

A sample bias may exist because the sampling was conducted through an online survey in a specific Web site. This study affirmed the theoretical framework regarding the mediation effect of switching costs on perceived risk and customer-loyalty relationships.

Practical implications

To avoid the single effect of reducing perceived risk on customer loyalty, practitioners should be difficult for competitors to imitate. This can increase the barriers to competition, further lock in the customer and can prevent the switch to other service providers.

Originality/value

The findings provide a new feasible approach to customer retention: a business can reduce customers’ perceived risk to increase switching costs against the competition for customer retention in e-commerce.

Details

Information & Computer Security, vol. 23 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 6 May 2020

Raneem AlMindeel and Jorge Tiago Martins

Abstract

Purpose

The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme.

Design/methodology/approach

An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis.

Findings

The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge.

Originality/value

This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.

Details

Information Technology & People, vol. 34 no. 2
Type: Research Article
ISSN: 0959-3845

Open Access
Article
Publication date: 24 November 2023

Ornella Tanga Tambwe, Clinton Ohis Aigbavboa and Opeoluwa Akinradewo

Abstract

Purpose

Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of construction data risks management (DRM) in the construction industry (CI).

Design/methodology/approach

This study adopted a quantitative method and collected data from various South African construction professionals with the aid of an e-questionnaire. These professionals include electrical engineers, quantity surveyors, architects and mechanical, as well as civil, engineers working under a firm or organisation within the province of Gauteng, South Africa. Standard deviation, mean item score, non-parametric Kruskal–Wallis H test and exploratory factor analysis were used to analyse the retrieved data.

Findings

The findings revealed that DRM enhances project and company data availability, promotes confidentiality and enhances integrity, which are the primary benefits of DRM that enable the success of project delivery.

Research limitations/implications

The research was carried out only in the province of Gauteng due to COVID-19 travel limitations.

Practical implications

The construction companies will have their data permanently in their possession and no interruption will be seen due to data unavailability, which, in turn, will allow long-term and overall pleasant project outcomes.

Originality/value

This study seeks to address the benefits of DRM in the CI to give additional knowledge on risk management within the built environment to promote success in every project.

Details

Journal of Engineering, Design and Technology, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1726-0531

Article
Publication date: 27 April 2012

Wu He

Abstract

Purpose

The purpose of this paper is to examine social media security risks and existing mitigation techniques in order to gather insights and develop best practices to help organizations address social media security risks more effectively.

Design/methodology/approach

This paper begins by reviewing the disparate discussions in literature on social media security risks and mitigation techniques. Based on an extensive review, some key insights were identified and summarized to help organizations more effectively address social media security risks.

Findings

Many organizations do not have effective social media security policy in place and are unsure of how to develop effective social media security strategies to mitigate social media security risks. This paper provides guidance to organizations to mitigate social media security risks that may threaten the organizations.

Originality/value

The paper consolidates the fragmented discussion in literature and provides an in‐depth review of social media security risks and mitigation techniques. Practical insights are identified and summarized from an extensive literature review. Sharing these insights has the potential to encourage more discussion on best practices for reducing the risks of social media to organizations.
