Evaluating user susceptibility to phishing attacks

PurposePhishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data breaches and subsequent financial losses. To study the user side, this paper aims to conduct a literature review and...

Full description

Saved in:
Bibliographic Details
Published inInformation and computer security Vol. 30; no. 1; pp. 1 - 18
Main Authors Das, Sanchari, Nippert-Eng, Christena, Camp, L. Jean
Format Journal Article
LanguageEnglish
Published Bingley Emerald Group Publishing Limited 31.01.2022
Subjects
Cybercrime
Cybersecurity
Data collection
Deception
Decision making
Digital libraries
Digital systems
Electronic mail systems
Literature reviews
Machine learning
Phishing
Scientific papers
Secondary school students
Secondary schools
Signal detection
Software
Students
Systematic review
User behavior
Websites
Online AccessGet full text
ISSN2056-4961
2056-497X
DOI10.1108/ICS-12-2020-0204

Cover

More Information
Summary:PurposePhishing is a well-known cybersecurity attack that has rapidly increased in recent years. It poses risks to businesses, government agencies and all users due to sensitive data breaches and subsequent financial losses. To study the user side, this paper aims to conduct a literature review and user study.Design/methodology/approachTo investigate phishing attacks, the authors provide a detailed overview of previous research on phishing techniques by conducting a systematic literature review of n = 367 peer-reviewed academic papers published in ACM Digital Library. Also, the authors report on an evaluation of a high school community. The authors engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research using signal detection theory (SDT).FindingsThrough the literature review which goes back to as early as 2004, the authors found that only 13.9% of papers focused on user studies. In the user study, through scenario-based analysis, participants were tasked with distinguishing phishing e-mails from authentic e-mails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background.Originality/valueThe authors conducted a literature review with a focus on user study which is a first in this field as far the authors know. Additionally, the authors conducted a detailed user study with high school students and faculty using SDT which is also an understudied area and population.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2056-4961
2056-497X
DOI:10.1108/ICS-12-2020-0204