Phishing for user security awareness

Dodge, Ronald; Carver, Curtis A.; Ferguson, Aaron J.

doi:10.1016/j.cose.2006.10.009

Cited by 200 publications

(104 citation statements)

References 2 publications

Supporting

Mentioning

101

Contrasting

Unclassified

Order By: Relevance

“…Firstly, we conducted an overview analysis which was coded using PHP, MySQL and a charting API called Highcharts. 4 We gained an overview of our population sample, of the time spent in our study, and also of other individual page results such as the rate of success and failure for each page (i.e., detection score). Secondly, using IBM's SPSS software, 5 we applied an ANOVA (analysis of variance) test for every user feature to determine whether any statistically significant difference of means among groups existed; here, groups relate to categories of the independent variables, such as male and female.…”

Section: Discussionmentioning

confidence: 99%

“…After all of these efforts however, researchers still note that there is a lack of existing anti-phishing solutions considered as an optimum [3], while some believe that no static technical defence measure can solely mitigate the threat introduced by user behaviour [4]. The fact is that perpetrators of phishing attacks are continuously adapting their tricks to find novel ways of causing losses to individuals and organisations [5,6].…”

mentioning

confidence: 99%

See 1 more Smart Citation

Baiting the hook: factors impacting susceptibility to phishing attacks

Iuga

Nurse

Erola

2016

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

Over the last decade, substantial progress has been made in understanding and mitigating phishing attacks. Nonetheless, the percentage of successful attacks is still on the rise. In this article, we critically investigate why that is the case, and seek to contribute to the field by highlighting key factors that influence individuals’ susceptibility to phishing attacks. For our investigation, we conducted a web-based study with 382 participants which focused specifically on identifying factors that help or hinder Internet users in distinguishing phishing pages from legitimate pages. We considered relationships between demographic characteristics of individuals and their ability to correctly detect a phishing attack, as well as time-related factors. Moreover, participants’ cursor movement data was gathered and used to provide additional insight. In summary, our results suggest that: gender and the years of PC usage have a statistically significant impact on the detection rate of phishing; pop-up based attacks have a higher rate of success than the other tested strategies; and, the psychological anchoring effect can be observed in phishing as well. Given that only 25 % of our participants attained a detection score of over 75 %, we conclude that many people are still at a high risk of falling victim to phishing attacks but, that a careful combination of automated tools, training and more effective awareness campaigns, could significantly help towards preventing such attacks.

show abstract

Section: Discussionmentioning

confidence: 99%

mentioning

confidence: 99%

Baiting the hook: factors impacting susceptibility to phishing attacks

Iuga

Nurse

Erola

2016

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

show abstract

“…The authors noticed a failure rate of 42% in the initial experiment and 12% in the latter experiment which reflects the effectiveness of the phishing awareness training. Another group conducted a similar two-phase phishing experiment at the United States Military Academy at West Point, New York [26]. Experiment results also showed the ability of the participants to better identify the phishing attacks after the training sessions.…”

Section: Phishing Attacks In Uaementioning

confidence: 99%

The Need for Effective Information Security Awareness

Aloul¹

2011

IJICR

View full text Add to dashboard Cite

Abstract-Security awareness is an often-overlooked factor in an information security program. While organizations expand their use of advanced security technology and continuously train their security professionals, very little is used to increase the security awareness among the normal users, making them the weakest link in any organization. As a result, today, organized cyber criminals are putting significant efforts to research and develop advanced hacking methods that can be used to steal money and information from the general public. Furthermore, the high internet penetration growth rate in the Middle East and the limited security awareness among users is making it an attractive target for cyber criminals.In this paper, we will show the need for security awareness programs in schools, universities, governments, and private organizations in the Middle East by presenting results of several security awareness studies conducted among students and professionals in UAE in 2010. This includes a comprehensive wireless security survey in which thousands of access points were detected in Dubai and Sharjah most of which are either unprotected or employ weak types of protection. Another study focuses on evaluating the chances of general users to fall victims to phishing attacks which can be used to steal bank and personal information. Furthermore, a study of the user's awareness of privacy issues when using RFID technology is presented. Finally, we discuss several key factors that are necessary to develop a successful information security awareness program.

show abstract

“…[19], [20], and [21]. However, to the best of our knowledge, Colella and Colombini [22] are the only authors who-briefly-discussed security awareness to address threats related to pervasive computing.…”

Section: Operational Interruptionmentioning

confidence: 99%

“…This shows the limitation of security awareness programs in effectively improving the intuitive behavior towards security risks, which further supports the use of the suggested approaches to improve SDSC. Dodge et al investigated the response of military cadets in USA to the phishing attack [20]. They sent phishing attacks to the students-without previous announcement of the exercise, evaluated the responses, and alerted students about the result of the test.…”

Section: Spread the Knowledge About Security Threatsmentioning

confidence: 99%

A Case for Societal Digital Security Culture

Othmane

Weffers

Ranchal

et al. 2013

Security and Privacy Protection in Information Processing Systems

View full text Add to dashboard Cite

Abstract. Information and communication technology systems, such as remote health care monitoring and smart mobility applications, have become indispensable parts of our lives. Security vulnerabilities in these systems could cause financial losses, privacy/safety compromises, and operational interruptions. This paper demonstrates through examples, that technical security solutions for these information systems, alone, are not sufficient to protect individuals and their assets from attacks. It proposes to complement (usable) technical solutions with Societal Digital Security Culture (SDSC): collective knowledge, common practices, and intuitive common behavior about digital security that the members of a society share. The paper also suggests a set of approaches for improving SDSC in a society and demonstrates using a case study how the suggested approaches could be integrated to compose a plan for improving SDSC.

show abstract

Phishing for user security awareness

Cited by 200 publications

References 2 publications

Baiting the hook: factors impacting susceptibility to phishing attacks

Baiting the hook: factors impacting susceptibility to phishing attacks

The Need for Effective Information Security Awareness

A Case for Societal Digital Security Culture

Contact Info

Product

Resources

About