Using Phishing for User Email Security Awareness

Dodge, Ronald; Ferguson, Aaron J.

doi:10.1007/0-387-33406-8_41

Cited by 13 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…One reason behind this could be that the increased awareness is not permanent. In fact, previous research has shown that the effect might be rather temporary [40]. 4) Computer users seldom apply software security updates.…”

Section: Time To Compromise Decrease With the Number Of Intrusionsmentioning

confidence: 99%

A Large-Scale Study of the Time Required to Compromise a Computer System

Holm

2014

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Section: Time To Compromise Decrease With the Number Of Intrusionsmentioning

confidence: 99%

A Large-Scale Study of the Time Required to Compromise a Computer System

Holm

2014

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

“…The students surveyed in this research appeared to exhibit an analogous contradiction: concerned about phishing yet not managing to acquire the necessary knowledge. This confirms that knowledge alone is not enough, and that it needs to be combined with training, as in the phishing simulation exercise by Dodge and Ferguson (2006).…”

Section: The Dilemmas Of Cognitive Dissonance On Csa Mattersmentioning

confidence: 57%

“…This was attributed to incorrect behaviour patterns regarding online security. The use of simulated phishing emails to generate user awareness was investigated by Dodge and Ferguson (2006). Their study intended to assess the awareness levels of students at the United States Military Academy in order to inform their awareness programme.…”

Section: Literature Review and Analytical Frameworkmentioning

confidence: 99%

Students' Cybersecurity Awareness at a Private Tertiary Educational Institution

Chandarman¹,

Niekerk²

2017

Afr. j. inf. commun. (Online)

View full text Add to dashboard Cite

Internet-based attacks have become prevalent and are expected to increase as technology ubiquity increases. Consequently, cybersecurity has emerged as an essential concept in everyday life. Cybersecurity awareness (CSA) is a key defence in the protection of people and systems. The research presented in this article aimed to assess the levels of CSA among students at a private tertiary education institution in South Africa. A questionnaire tested students in terms of four variables: cybersecurity knowledge; self-perception of cybersecurity skills, actual cybersecurity skills and behaviour; and cybersecurity attitudes. The responses revealed several misalignments, including instances of "cognitive dissonance" between variables, which make the students potentially vulnerable to cyber-attacks. The findings demonstrate the need for targeted CSA campaigns that address the specific weaknesses of particular populations of users.

show abstract

“…In early studies, the focus of the studies focused on the simple effectiveness of phishing exercises. [8] In these early results, the authors constructed an infrastructure to execute a phishing exercise and achieved results indicating an average 40% susceptibility to phishing. These results were validate in a follow-on study [9] and further showed that exercises repeated over a short duration increased awareness and susceptibility reduced to under 5%.…”

Section: Efforts To Assess the Phishing Threatmentioning

confidence: 99%

Empirical Benefits of Training to Phishing Susceptibility

Dodge

Coronges

Rovira

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Social engineering continues to be the most worrisome vulnerability to organizational networks, data, and services. The most successful form of social engineering is the practice of phishing. In the last several years, a multitude of phishing variations have been defined including pharming, spear phishing, and whaling. While each has a specific reason for its success, they all rely on a user failing to exercise due diligence and responsibility. In this paper, we report on a recent phishing experiments where the effects of training were evaluated as well as gathering demographic data to explore the susceptibility of given groups.

show abstract

Using Phishing for User Email Security Awareness

Cited by 13 publications

References 2 publications

A Large-Scale Study of the Time Required to Compromise a Computer System

A Large-Scale Study of the Time Required to Compromise a Computer System

Students' Cybersecurity Awareness at a Private Tertiary Educational Institution

Empirical Benefits of Training to Phishing Susceptibility

Contact Info

Product

Resources

About