An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website

Purkait, Swapan; De, S. K.; Suar, Damodar

doi:10.1108/imcs-05-2013-0032

Cited by 25 publications

(25 citation statements)

References 82 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Usually phishing e-mails do not ask for a direct reply, but contain a link to a fraudulent website, which is 'the hook' in the fishing metaphor. This website is very similar in look and feel to the official website it impersonates (Alseadoon et al, 2012;Hinde, 2004;Purkait et al, 2014;. A recent report based on real-world online security incidents indicates that around 1 in 14 targets get successfully phished, either because they clicked the link or opened an attachment in a phishing e-mail (Verizon, 2017).…”

Section: Phishingmentioning

confidence: 89%

“…Successful phishing attacks often result in identity theft and subsequently in financial gains for the offender. However, Purkait et al (2014) stress the fact that money is not always the main objective for phishers. The collected information can also be used to harm the reputation of an individual or company, for example by spreading some controversial statements on behalf of another person.…”

Section: Phishingmentioning

confidence: 99%

“…Just like fishers, phishers use bait to increase the chances that their target will "bite". This bait most frequently consists of e-mails seemingly sent by a trusted entity, for example a bank (Purkait, 2012;Purkait et al, 2014;Reyns, 2015). These e-mails often inform the user that a problem occurred that can only be solved if the e-mail's recipient confirms some personal information (Hinde, 2004;, or they promise tempting offers in exchange for personal details like a user ID or password (Hinde, 2004).…”

Section: Phishingmentioning

confidence: 99%

See 2 more Smart Citations

You’ve got mail! Explaining individual differences in becoming a phishing target

Kimpe

Walrave

Hardyns

et al. 2018

Telematics and Informatics

View full text Add to dashboard Cite

A B S T R A C TAlthough phishing is a form of cybercrime that internet users get confronted with rather frequently, many people still get deceived by these practices. Since receiving phishing e-mails is an important prerequisite of victimization, this study focusses on becoming a phishing target. More precisely, we use an integrative lifestyle exposure model to study the effects of risky online routine activities that make a target more likely to come across a motivated offender. Insights of the lifestyle exposure model are combined with propensity theories in order to determine which role impulsivity plays in phishing targeting. To achieve these objectives, data collected in 2016 from a representative sample (n = 723) were used. Support was found for a relationship between both online purchasing behavior and digital copying behavior, and phishing targeting. Moreover, a relationship was found between all online activities (except for online purchasing behavior) and impulsivity. The present study thus suggests that especially online shoppers and users who often share and use copied files online should be trained to deal with phishing attacks appropriately.

show abstract

Section: Phishingmentioning

confidence: 89%

Section: Phishingmentioning

confidence: 99%

Section: Phishingmentioning

confidence: 99%

See 1 more Smart Citation

You’ve got mail! Explaining individual differences in becoming a phishing target

Kimpe

Walrave

Hardyns

et al. 2018

Telematics and Informatics

View full text Add to dashboard Cite

show abstract

“…Hunter (2006), in his article in Computer Fraud & Security, points out that although the day of the amateur hacker is gone, there are still plenty of amateur users. Researchers have found that security is not always the main concern for the user when they are online and submitting confidential login credentials into any website (Purkait, 2012b(Purkait, , 2014. Moreover, Internet users are lacking a baseline level of online safety awareness (Furnell, 2007), and they react to a variety of commonly available trust indicators such as logos, third-party endorsements and padlock icons over a selection of authentic phishing stimuli (Jakobsson et al, 2007).…”

Section: Related Workmentioning

confidence: 99%

“…On the one hand, there are users who are completely ignorant about phishing, and on the other hand, there are criminals who are developing new phishing ideas every day (Purkait, 2012). Researchers have studied in the past, why people fall for phishing attacks (Dhamija et al, 2006 andPurkait et al, 2014), or why people ignore security indicators provided by the anti-phishing toolbars of various Web browsers (Wu et al, 2006). However, there has been very little research on the effectiveness of these toolbars against fresh phishing sites or sophisticated DNS-based phishing attacks on local area networks (LANs).…”

Section: Introductionmentioning

confidence: 99%

Examining the effectiveness of phishing filters against DNS based phishing attacks

Purkait¹

2015

Information &Amp; Computer Security

Self Cite

View full text Add to dashboard Cite

Purpose -This paper aims to report on research that tests the effectiveness of anti-phishing tools in detecting phishing attacks by conducting some real-time experiments using freshly hosted phishing sites. Almost all modern-day Web browsers and antivirus programs provide security indicators to mitigate the widespread problem of phishing on the Internet. Design/methodology/approach -The current work examines and evaluates the effectiveness of five popular Web browsers, two third-party phishing toolbar add-ons and seven popular antivirus programs in terms of their capability to detect locally hosted spoofed websites. The same tools have also been tested against fresh phishing sites hosted on Internet. Findings -The experiments yielded alarming results. Although the success rate against live phishing sites was encouraging, only 3 of the 14 tools tested could successfully detect a single spoofed website hosted locally. Originality/value -This work proposes the inclusion of domain name system server authentication and verification of name servers for a visiting website for all future anti-phishing toolbars. It also proposes that a Web browser should maintain a white list of websites that engage in online monetary transactions so that when a user requires to access any of these, the default protocol should always be HTTPS (Hypertext Transfer Protocol Secure), without which a Web browser should prevent the page from loading.

show abstract

Understanding Perceptions: User Responses to Browser Warning Messages

Molyneaux

Kondratova

Stobert

2019

HCI for Cybersecurity, Privacy and Trust

View full text Add to dashboard Cite

An empirical investigation of the factors that influence Internet user’s ability to correctly identify a phishing website

Cited by 25 publications

References 82 publications

You’ve got mail! Explaining individual differences in becoming a phishing target

You’ve got mail! Explaining individual differences in becoming a phishing target

Examining the effectiveness of phishing filters against DNS based phishing attacks

Understanding Perceptions: User Responses to Browser Warning Messages

Contact Info

Product

Resources

About