Skip to main content
SpringerLink
Log in

An Investigation into Students Responses to Various Phishing Emails and Other Phishing-Related Behaviours

  • Conference paper
  • First Online:
Information Security (ISSA 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 973))

Included in the following conference series:

Abstract

Reports continue to testify that the problem of phishing remains pertinent in many industries today. This descriptive study investigated 126 university students’ responses to various forms of phishing emails and other security-related behaviours through a self-designed questionnaire. The majority of the participants reported having an average experience in using computers and the Internet. Most participants chose to respond to phishing emails purportedly originating from Facebook and university contexts thus supporting that users are more likely to fall victim to phishing if the message is of interest or has relevance to their context. However, susceptibility was significantly reduced when users were presented with emails that imitate well-known South African banking institutions. This may suggest that users are either aware of phishing schemes that impersonate banking institutions, or they feel uncomfortable giving up personal information when they feel more at risk to be affected financially. The results from this study offer insights on behavioural aspects that can assist the information security community in designing and implementing more efficient controls against phishing attacks. Furthermore, this study suggests that researchers should consider exploring the behaviour of social media users as they can be vulnerable to phishing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Purkait, S.: Phishing counter measures and their effectiveness - literature review. Inf. Manag. Comput. Secur. 20(5), 382–420 (2015)

    Article  Google Scholar 

  2. Yates, D., Harris, A.L.: Phishing attacks over time: a longitudinal study. In: Twenty-First Americas Conference on Information Systems, Puerto Rico (2015)

    Google Scholar 

  3. Symantec, Internet Security Threat Report 2017, vol. 22, April 2017. https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf. Accessed 9 Mar 2018

  4. APWG, Phishing Activity Trends Report, 4th Quarter 2016. https://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf. Accessed 10 Mar 2018

  5. APWG, Phishing Activity Trends Report, 3rd Quarter 2017. http://docs.apwg.org/reports/apwg_trends_report_q3_2017.pdf. Accessed 10 Mar 2018

  6. ProofPoint, Quarterly Threat Summary–Q4 2016 & Year In Review, https://www.proofpoint.com/sites/default/files/proofpoint_q4_threat_report-final.pdf

  7. Roberts, J.J.: Facebook and Google Were Victims of $100M Payment Scam, Fortune, 27 April 2017. http://fortune.com/2017/04/27/facebook-google-rimasauskas/

  8. Abbasi, A., Lau, R.Y., Brown, D.E.: Predicting behavior. IEEE Intell. Syst. 30(3), 35–43 (2015)

    Article  Google Scholar 

  9. Metzger, M.J., Flanagin, A.J.: Credibility and trust of information in online environments: the use of cognitive heuristics. J. Pragmat. 59, 210–220 (2013)

    Article  Google Scholar 

  10. Mayhorn, C.B., Welka, A.K., Zielinska, O.A., Murphy-Hill, E.: Assessing individual differences in a phishing detection task. In: Proceedings 19th Triennial Congress of the IEA, Melbourne (2015)

    Google Scholar 

  11. Wombat Security Technologies, “State of the Phish 2018 Report”. https://www.wombatsecurity.com/state-of-the-phish. Accessed 10 Apr 2018

  12. Statista, Number of monthly active Facebook users worldwide as of 4th quarter 2017 (in millions). https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/. Accessed 22 Mar 2018

  13. Patricios, O., Goldstuck, A.: SA Social Media Landscape 2018. World Wide Worx (2018). http://website.ornico.co.za/2017/09/sa-social-media-2018/. Accessed 12 Apr 2018

  14. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590. ACM, Montreal (2006)

    Google Scholar 

  15. Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601–610. ACM, Montreal (2006)

    Google Scholar 

  16. Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the 2nd Symposium on Usable Privacy and Security, pp. 79–90. ACM, Pittsburgh (2006)

    Google Scholar 

  17. Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the 26th Annual SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074. ACM, Florence(2008)

    Google Scholar 

  18. Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94–100 (2007)

    Article  Google Scholar 

  19. Silic, M., Back, A.: The dark side of social networking sites: understanding phishing risks. Comput. Hum. Behav. 60, 35–43 (2016)

    Article  Google Scholar 

  20. Hameed, K., Rehman, N.: Today’s social network sites: an analysis of emerging security risks and their counter measures. In: International Conference on Communication Technologies (ComTech), pp. 143–148. IEEE, Pakistan (2017)

    Google Scholar 

  21. Halevi, T., Lewis, J., Memon, N.: A pilot study of cyber security and privacy related behavior and personality traits. In: Proceedings of the 22nd International Conference on World Wide Web Companion, pp. 737–744. ACM, Rio de Janeiro (2013)

    Google Scholar 

  22. Vishwanath, A.: Habitual Facebook use and its impact on getting deceived on social media. J. Comput. Mediat. Commun. 20, 83–98 (2015)

    Article  Google Scholar 

  23. Vishwanath, A.: Getting phished on social media. Decis. Support Syst. 103, 70–81 (2017)

    Article  Google Scholar 

  24. Mouton, F., Malan, M.M., Venter, H.S.: Social engineering from a normative ethics perspective. In: Information Security South Africa, Johannesburg, pp. 1–8 (2013)

    Google Scholar 

  25. Langheinrich, M., Karjoth, G.: Social networking and the risk to companies and institutions. Inf. Secur. Tech. Rep. 15, 51–56 (2010)

    Article  Google Scholar 

  26. ProofPoint, The Human Factor Report 2016. https://www.proofpoint.com/sites/default/files/human-factor-report-2016.pdf. Accessed 22 Mar 2018

  27. Luo, X., Zhang, W., Burd, S., Seazzu, A.: Investigating phishing victimization with the Heuristic-Systematic model: a theoretical framework and an exploration. Comput. Secur. 38, 28–38 (2013)

    Article  Google Scholar 

  28. Harrison, B., Svetieva, E., Vishwanath, A.: Individual processing of phishing emails How attention and elaboration protect against phishing. Online Inf. Rev. 40(2), 265–281 (2016)

    Article  Google Scholar 

  29. Ferreira, A., Coventry, L., Lenzini, G.: Principles of persuasion in social engineering and their use in phishing. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 36–47. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20376-8_4

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Technology, Walter Sisulu University, East London, South Africa

    Edwin Donald Frauenstein

Authors
  1. Edwin Donald Frauenstein
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Edwin Donald Frauenstein .

Editor information

Editors and Affiliations

  1. University of Pretoria, Pretoria, Gauteng, South Africa

    Hein Venter

  2. University of South Africa, Florida, Gauteng, South Africa

    Marianne Loock

  3. University of Johannesburg, Auckland Park, Gauteng, South Africa

    Marijke Coetzee

  4. University of South Africa, Pretoria, Gauteng, South Africa

    Mariki Eloff

  5. University of Pretoria, Pretoria, Gauteng, South Africa

    Jan Eloff

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Frauenstein, E.D. (2019). An Investigation into Students Responses to Various Phishing Emails and Other Phishing-Related Behaviours. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information Security. ISSA 2018. Communications in Computer and Information Science, vol 973. Springer, Cham. https://doi.org/10.1007/978-3-030-11407-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-11407-7_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-11406-0

  • Online ISBN: 978-3-030-11407-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation