Phishing risks in a university student community

Abstract

In an exploratory quasi-experimental study, 138 students recruited during a university orientation week were exposed to social engineering directives in the form of fake emails, or phishing, over several months in 2017. The study assessed the risks of cybercrime for students by observing their responses. Three types of scam emails were distributed that varied in the degree of individualisation: generic, tailored, and targeted or ‘spear’. The study explored the influence of scam type, cybercrime awareness, gender, IT competence and perceived internet safety on susceptibility to email scams. Although tailored and individually crafted email scams were more likely to induce engagement than generic scams, differences were not significant. Analysis of the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students.
