The Phishing Funnel Model: A Design Artifact to Predict User Susceptibility to Phishing Websites

Abbasi, Ahmed; Dobolyi, David G.; Vance, Anthony; Zahedi, Fatemeh

doi:10.1287/isre.2020.0973

Cited by 45 publications

(19 citation statements)

References 98 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, an increasing number of researchers are shifting their focus to the analysis of user susceptibility. Phishing susceptibility is the degree to which users interact with phishing attacks [ 6 ]. Over time, researchers have made some progress and proposed various phishing susceptibility models that explain or describe the factors behind phishing susceptibility [ 7 , 8 ].…”

Section: Related Researchmentioning

confidence: 99%

See 1 more Smart Citation

Predicting User Susceptibility to Phishing Based on Multidimensional Features

Yang

Zheng

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

While antiphishing techniques have evolved over the years, phishing remains one of the most threatening attacks on current network security. This is because phishing exploits one of the weakest links in a network system—people. The purpose of this research is to predict the possible phishing victims. In this study, we propose the multidimensional phishing susceptibility prediction model (MPSPM) to implement the prediction of user phishing susceptibility. We constructed two types of emails: legitimate emails and phishing emails. We gathered 1105 volunteers to join our experiment by recruiting volunteers. We sent these emails to volunteers and collected their demographic, personality, knowledge experience, security behavior, and cognitive processes by means of a questionnaire. We then applied 7 supervised learning methods to classify these volunteers into two categories using multidimensional features: susceptible and nonsusceptible. The experimental results indicated that some machine learning methods have high accuracy in predicting user phishing susceptibility, with a maximum accuracy rate of 89.04%. We conclude our study with a discussion of our findings and their future implications.

show abstract

Section: Related Researchmentioning

confidence: 99%

“…The literature [ 6 ] considers demographic information as an important factor of phishing susceptibility and argues that demographic characteristics contain human vulnerability, which is the focus of research.…”

Section: Related Researchmentioning

confidence: 99%

Predicting User Susceptibility to Phishing Based on Multidimensional Features

Yang

Zheng

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…In addition, current studies within our literature search show again that despite increasing digitization, there is still a lack of comprehensive awareness of IS in SMEs and, even if the risk perception has increased, there is a lack of holistic implementation of diverse security measures, including ongoing awareness campaigns. The extensive literature search by Chowdhury and Gkioulos on training methods shows that solutions that provide hands-on experience, team-skills development and high levels of real-life fidelity are often preferred to other options, with simulation-based solutions showing the highest amount of research and development [57]. Nonetheless, there is still a gap in the research on how to improve current cybersecurity training offerings to demonstrate whether integrating advantageous attributes from different delivery methods can produce more comprehensive and effective solutions [57].…”

Section: Outcome Of the Findings To Datementioning

confidence: 99%

“…The extensive literature search by Chowdhury and Gkioulos on training methods shows that solutions that provide hands-on experience, team-skills development and high levels of real-life fidelity are often preferred to other options, with simulation-based solutions showing the highest amount of research and development [57]. Nonetheless, there is still a gap in the research on how to improve current cybersecurity training offerings to demonstrate whether integrating advantageous attributes from different delivery methods can produce more comprehensive and effective solutions [57]. Our project will help to fill this gap in the next two years.…”

Section: Outcome Of the Findings To Datementioning

confidence: 99%

The Current State of ―Information Security Awareness‖ in German SMEs

Scholl¹,

Schuktomow²

2021

IJETAE

View full text Add to dashboard Cite

The role of information security in German SMEs is becoming increasingly important. External input plays a key role here, but some of it tends to overwhelm SMEs rather than providing systematic assistance that can be readily implemented. In a project funded by the German Federal Ministry for Economic Affairs and Energy, an overall scenario for new ways to achieve more sustainable information security (IS) in German SMEs is being developed, one that puts people at the heart of the measure. In addition to a current literature search on the situation in companies, the current state of information security and IS awareness is recorded in the project through a combination of different methods: indepth psychological interviews, an online survey in four pilot companies and security-related competence profiles derived from the German IT-Grundschutz. This article presents some preliminary results published. Keywords—Information security, awareness, human factor, German SMEs, in-depth interviews, survey, competence profiles, security topics, training methods.

show abstract

“…The challenge of SE is that it circumvents technical security measures and exploits human decision-making to gather information [4]. Building an effective defense against SE in an organization frequently involves training and development of effective policies to encourage employees to adhere to good security practices.…”

Section: Introductionmentioning

confidence: 99%

Design of a Chatbot Social Engineering Victim

Schuetzler¹,

Giboney²,

Grimes³

2022

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Social engineering is an ever-growing problem in online and offline communication. Companies invest time and resources to train employees not to fall victim to attacks. The concept of adversarial thinking encourages people to learn the ways of the attacker to better defend themselves. This research introduces the design features of a chatbot that plays the role of a social engineering victim to allow people to perform the role of an attacker in a training exercise. By attacking this chatbot, people can learn better how to defend themselves.

show abstract

The Phishing Funnel Model: A Design Artifact to Predict User Susceptibility to Phishing Websites

Cited by 45 publications

References 98 publications

Predicting User Susceptibility to Phishing Based on Multidimensional Features

Predicting User Susceptibility to Phishing Based on Multidimensional Features

The Current State of ―Information Security Awareness‖ in German SMEs

Design of a Chatbot Social Engineering Victim

Contact Info

Product

Resources

About