Abstract
Reports continue to testify that the problem of phishing remains pertinent in many industries today. This descriptive study investigated 126 university students’ responses to various forms of phishing emails and other security-related behaviours through a self-designed questionnaire. The majority of the participants reported having an average experience in using computers and the Internet. Most participants chose to respond to phishing emails purportedly originating from Facebook and university contexts thus supporting that users are more likely to fall victim to phishing if the message is of interest or has relevance to their context. However, susceptibility was significantly reduced when users were presented with emails that imitate well-known South African banking institutions. This may suggest that users are either aware of phishing schemes that impersonate banking institutions, or they feel uncomfortable giving up personal information when they feel more at risk to be affected financially. The results from this study offer insights on behavioural aspects that can assist the information security community in designing and implementing more efficient controls against phishing attacks. Furthermore, this study suggests that researchers should consider exploring the behaviour of social media users as they can be vulnerable to phishing.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Purkait, S.: Phishing counter measures and their effectiveness - literature review. Inf. Manag. Comput. Secur. 20(5), 382–420 (2015)
Yates, D., Harris, A.L.: Phishing attacks over time: a longitudinal study. In: Twenty-First Americas Conference on Information Systems, Puerto Rico (2015)
Symantec, Internet Security Threat Report 2017, vol. 22, April 2017. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf. Accessed 9 Mar 2018
APWG, Phishing Activity Trends Report, 4th Quarter 2016. https://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf. Accessed 10 Mar 2018
APWG, Phishing Activity Trends Report, 3rd Quarter 2017. http://docs.apwg.org/reports/apwg_trends_report_q3_2017.pdf. Accessed 10 Mar 2018
ProofPoint, Quarterly Threat Summary–Q4 2016 & Year In Review, https://www.proofpoint.com/sites/default/files/proofpoint_q4_threat_report-final.pdf
Roberts, J.J.: Facebook and Google Were Victims of $100M Payment Scam, Fortune, 27 April 2017. http://fortune.com/2017/04/27/facebook-google-rimasauskas/
Abbasi, A., Lau, R.Y., Brown, D.E.: Predicting behavior. IEEE Intell. Syst. 30(3), 35–43 (2015)
Metzger, M.J., Flanagin, A.J.: Credibility and trust of information in online environments: the use of cognitive heuristics. J. Pragmat. 59, 210–220 (2013)
Mayhorn, C.B., Welka, A.K., Zielinska, O.A., Murphy-Hill, E.: Assessing individual differences in a phishing detection task. In: Proceedings 19th Triennial Congress of the IEA, Melbourne (2015)
Wombat Security Technologies, “State of the Phish 2018 Report”. https://www.wombatsecurity.com/state-of-the-phish. Accessed 10 Apr 2018
Statista, Number of monthly active Facebook users worldwide as of 4th quarter 2017 (in millions). https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/. Accessed 22 Mar 2018
Patricios, O., Goldstuck, A.: SA Social Media Landscape 2018. World Wide Worx (2018). http://website.ornico.co.za/2017/09/sa-social-media-2018/. Accessed 12 Apr 2018
Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590. ACM, Montreal (2006)
Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601–610. ACM, Montreal (2006)
Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the 2nd Symposium on Usable Privacy and Security, pp. 79–90. ACM, Pittsburgh (2006)
Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the 26th Annual SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074. ACM, Florence(2008)
Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94–100 (2007)
Silic, M., Back, A.: The dark side of social networking sites: understanding phishing risks. Comput. Hum. Behav. 60, 35–43 (2016)
Hameed, K., Rehman, N.: Today’s social network sites: an analysis of emerging security risks and their counter measures. In: International Conference on Communication Technologies (ComTech), pp. 143–148. IEEE, Pakistan (2017)
Halevi, T., Lewis, J., Memon, N.: A pilot study of cyber security and privacy related behavior and personality traits. In: Proceedings of the 22nd International Conference on World Wide Web Companion, pp. 737–744. ACM, Rio de Janeiro (2013)
Vishwanath, A.: Habitual Facebook use and its impact on getting deceived on social media. J. Comput. Mediat. Commun. 20, 83–98 (2015)
Vishwanath, A.: Getting phished on social media. Decis. Support Syst. 103, 70–81 (2017)
Mouton, F., Malan, M.M., Venter, H.S.: Social engineering from a normative ethics perspective. In: Information Security South Africa, Johannesburg, pp. 1–8 (2013)
Langheinrich, M., Karjoth, G.: Social networking and the risk to companies and institutions. Inf. Secur. Tech. Rep. 15, 51–56 (2010)
ProofPoint, The Human Factor Report 2016. https://www.proofpoint.com/sites/default/files/human-factor-report-2016.pdf. Accessed 22 Mar 2018
Luo, X., Zhang, W., Burd, S., Seazzu, A.: Investigating phishing victimization with the Heuristic-Systematic model: a theoretical framework and an exploration. Comput. Secur. 38, 28–38 (2013)
Harrison, B., Svetieva, E., Vishwanath, A.: Individual processing of phishing emails How attention and elaboration protect against phishing. Online Inf. Rev. 40(2), 265–281 (2016)
Ferreira, A., Coventry, L., Lenzini, G.: Principles of persuasion in social engineering and their use in phishing. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 36–47. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_4
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Frauenstein, E.D. (2019). An Investigation into Students Responses to Various Phishing Emails and Other Phishing-Related Behaviours. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-11407-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-11406-0
Online ISBN: 978-3-030-11407-7
eBook Packages: Computer ScienceComputer Science (R0)