2018
DOI: 10.33965/ijcsis_2018130207
|View full text |Cite
|
Sign up to set email alerts
|

Evaluating user vulnerabilities vs phisher skills in spear phishing

Abstract: Spear phishing emails pose great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher's skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the compute… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
4
0

Year Published

2021
2021
2022
2022

Publication Types

Select...
2
1
1

Relationship

0
4

Authors

Journals

citations
Cited by 4 publications
(5 citation statements)
references
References 50 publications
0
4
0
Order By: Relevance
“…Indeed, it is recognised that the cybersecurity problem depends on the high complexity, interconnectedness and emergent qualities of socio-technical systems and that humans may be “part of the solution”, rather than “part of the problem” (Zimmermann and Renaud 2019 ). That is the assumption behind the non-technical countermeasures well established in literature, as opposed to ‘hard’ technical and IT security measures (e.g., Bendovschi 2015 ; D’Arcy and Hovav 2009 ; Nicho et al 2018 ). Such mitigation initiatives are proposed to empower the human factor in organisations, and sustain them to be more effective against cyber-attacks and threats.…”
Section: Introductionmentioning
confidence: 99%
“…Indeed, it is recognised that the cybersecurity problem depends on the high complexity, interconnectedness and emergent qualities of socio-technical systems and that humans may be “part of the solution”, rather than “part of the problem” (Zimmermann and Renaud 2019 ). That is the assumption behind the non-technical countermeasures well established in literature, as opposed to ‘hard’ technical and IT security measures (e.g., Bendovschi 2015 ; D’Arcy and Hovav 2009 ; Nicho et al 2018 ). Such mitigation initiatives are proposed to empower the human factor in organisations, and sustain them to be more effective against cyber-attacks and threats.…”
Section: Introductionmentioning
confidence: 99%
“…Furthermore, many security incidents have been found to be caused by unintentional mistakes, or due to habitual behaviour that promotes an automatic response, rather than malicious acts by an attacker [72] In this respect, users' lack of understanding of how computer systems work, a lack of attention to security and the high quality visual deception deployed by phishers can weaken human defences [21]. From a spear phishing perspective, the human factor is especially inherent and can pose great danger to employees and organisations due to the inherent weakness of humans to identify every threat from spear phishing cues [51]. This can result in spam filtering software, such as those evaluated in this study, not being adequately trained.…”
Section: Resultsmentioning
confidence: 99%
“…Some authors also consider trust and distrust [2], even if others such as Moody et al [24] argue that neither the disposition to trust nor to distrust influence phishing susceptibility prediction. Authors as Nicho et al [26] proposed to summarize the literature on variables affecting phishing susceptibility and we note that very few concern is given to usability inspection.…”
Section: B Phishing and Online Deceptionmentioning
confidence: 99%