Patsita Sirawongphatsara,Phisit Pornpongtechavanich,Nattapong Phanthuna,Therdpong Daengsi

2024-10-07

Abstract:Nowadays, cybersecurity is crucial. Therefore, cybersecurity awareness should be a concern for businesses, particularly critical infrastructure organizations. The results of this study, using simulated phishing attacks, indicate that in the first attempt, workers of a Thai railway firm received a phony email purporting to inform recipients of a special deal from a reputable retailer of IT equipment. The findings showed that 10.9% of the 735 workers fell for the scam. This demonstrates a good level of awareness regarding cyber dangers. The workers who were duped by the initial attack received awareness training. Next, a second attempt was carried out. This time, the strategy was for the workers to change their passwords through an email notification from the fake IT staff. According to the findings, 1.4% of the workers fell victim to both attacks (different email content), and a further 8.0% of the workers who did not fall victim to the first attack were deceived. Furthermore, after the statistical analysis, it was confirmed that there is a difference in the relationship between the workers and the two phishing attack simulations using different content. As a result, this study has demonstrated that different types of content can affect levels of awareness.

Cryptography and Security,Human-Computer Interaction

Amar Johri,Shailendra Kumar

DOI: https://doi.org/10.1155/2023/2103442

2023-01-12

Human Behavior and Emerging Technologies

Abstract:The annual rate of cybersecurity breaches has risen in the last few years, exposing millions of records in some cases. The average data breach cost in 2021 was a massive $4.24 million. This study examines customer awareness and satisfaction with cybersecurity in the context of the digital transformation of banking in Saudi Arabia. The study is empirical and based on the data collected from 355 banking customers in Saudi Arabia. Three significant aspects of cybersecurity, including cyberattacks, phishing, and hacking, have been analyzed through various dimensions. Customer satisfaction with bank cybersecurity assistance and their expectations of technical support and services on cybersecurity has also been studied. ANOVA and bivariate regression analysis are used to study the impact of cyberattack, phishing, hacking, cybersecurity assistance, and expectations on cybersecurity’s technical awareness on customer satisfaction. The results show that digital transformation has boosted the banking sector, and users benefit from online services. However, an increase in the awareness level of customers on cyberattack, phishing, and hacking activities will influence customers’ satisfaction with digital transactions. The results also revealed that customers need more satisfaction on security level aspects from the bank’s side, and banks should provide regular training programs to safeguard customers from cyberattacks. If banks prepare more secure cybersecurity management, their long-term sustainability goals could be easily achieved.

Mohammed A. Alqahtani

DOI: https://doi.org/10.3390/app12052589

2022-03-02

Applied Sciences

Abstract:One of the essential stages in increasing cyber security is implementing an effective security awareness program. This work studies the present level of security knowledge among Imam Abdulrahman Bin Faisal University college students. A module was created to assist the students in becoming more informed. The main contribution of this work is an assessment of cybersecurity awareness among the university students based on three essential aspects: password security, browser security, and social media. Numerous questions were designed and sent to them to evaluate their awareness. The current survey received as many as 450 responses with their answers. Various statistical analyses were applied to the responses, including the validity and reliability test, feasibility test of a variable, correlation test, multicollinearity test, multiple regression, and heteroskedasticity test, carried out using SPSS. Furthermore, a multiple linear regression model and coefficient of determination, a hypothesis test, ANOVA test, and a partial test using ANOVA were also carried out. The hypothesis investigated here concerns password security, browser security, and social media. The results of partial hypothesis testing using a t-test showed that the password security variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the password security variable in the multiple linear regression model was found to have a beta value of 0.147. In addition, the browser security variable significantly affects awareness, with a p-value = 0.0001. The regression coefficient of the password security variable had a beta value of 0.188. The social media activities variable significantly affects cybersecurity awareness (p-value = 0.0001). The regression coefficient of the social media activities variable had a beta value of 0.241. Based on the research conducted, it is concluded that knowledge of password security, browser security, and social media activities significantly influences cybersecurity awareness in students. Overall, students have realized the importance of cybersecurity awareness.

Wilson Cheong Hin Hong,ChunYang Chi,Jia Liu,YunFeng Zhang,Vivian Ngan-Lin Lei,XiaoShu Xu

DOI: https://doi.org/10.1007/s10639-022-11121-5

2022-07-02

Education and Information Technologies

Abstract:A multitude of studies have suggested potential factors that influence internet security awareness (ISA). Some, for example, used GDP and nationality to explain different ISA levels in other countries but yielded inconsistent results. This study proposed an extended knowledge-attitude-behaviour (KAB) model, which postulates an influence of the education level of society at large is a moderator to the relationship between knowledge and attitude . Using exposure to a full-time working environment as a proxy for the influence, it was hypothesized that significant differences would be found in the attitude and behaviour dimensions across groups with different conditions of exposure and that exposure to full-time work plays a moderating role in KAB. To test the hypotheses, a large-scale survey adopting the Human Aspects of Information Security Questionnaire (HAIS-Q) was conducted with three groups of participants, namely 852 Year 1–3 students, 325 final-year students (age = 18–25) and 475 full-time employees (age = 18–50) in two cities of China. MANOVA and subsequent PROCESS regression analyses found a significant negative moderating effect of work exposure , which confirmed the proposed model. However, the effect was more pervasive than expected and moderation was found in the interaction between work exposure and all three ISA dimensions. The social influence does not only reshape the cybersecurity attitude of the highly educated, but also knowledge and behaviour . Findings contribute theoretically, methodologically and practically, offering novel perspectives on ISA research and prompting new strategies to respond to human factors.

education & educational research

Moti Zwilling,Galit Klien,Dušan Lesjak,Łukasz Wiechetek,Fatih Cetin,Hamdullah Nejat Basim

DOI: https://doi.org/10.1080/08874417.2020.1712269

2020-02-14

Journal of Computer Information Systems

Abstract:Cyber-attacks represent a potential threat to information security. As rates of data usage and internet consumption continue to increase, cyber awareness turned to be increasingly urgent. This study focuses on the relationships between cyber security awareness, knowledge and behavior with protection tools among individuals in general and across four countries: Israel, Slovenia, Poland and Turkey in particular. Results show that internet users possess adequate cyber threat awareness but apply only minimal protective measures usually relatively common and simple ones. The study findings also show that higher cyber knowledge is connected to the level of cyber awareness, beyond the differences in respondent country or gender. In addition, awareness is also connected to protection tools, but not to information they were willing to disclose. Lastly, findings exhibit differences between the explored countries that affect the interaction between awareness, knowledge, and behaviors. Results, implications, and recommendations for effective based cyber security training programs are presented and discussed.

computer science, information systems

Daniele Lain,Kari Kostiainen,Srdjan Capkun

DOI: https://doi.org/10.48550/arXiv.2112.07498

2021-12-14

Cryptography and Security

Abstract:In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context. We also deployed a reporting button to the company's email client which allowed the participants to report suspicious emails they received. We measured click rates for phishing emails, dangerous actions such as submitting credentials, and reported suspicious emails. The results of our experiment provide three types of contributions. First, some of our findings support previous literature with improved ecological validity. One example of such results is good effectiveness of warnings on emails. Second, some of our results contradict prior literature and common industry practices. Surprisingly, we find that embedded training during simulated phishing exercises, as commonly deployed in the industry today, does not make employees more resilient to phishing, but instead it can have unexpected side effects that can make employees even more susceptible to phishing. And third, we report new findings. In particular, we are the first to demonstrate that using the employees as a collective phishing detection mechanism is practical in large organizations. Our results show that such crowd-sourcing allows fast detection of new phishing campaigns, the operational load for the organization is acceptable, and the employees remain active over long periods of time.

Giddeon Njamngang Angafor,Iryna Yevseyeva,Leandros Maglaras

DOI: https://doi.org/10.1007/s10207-023-00809-5

2024-01-29

International Journal of Information Security

Abstract:Cyber security threats, including risks to remote workers, are varied and diverse, with the number of scams and business email compromise breaches increasing. Firms and their staff are experiencing mass phishing attacks, several typical precursors to more sinister attacks like cyber-enabled fraud, ransomware, and denial of service (DDoS) attacks. Threat actors are leveraging new technologies such as machine learning and artificial intelligence (AI) to deliver sophisticated scam and phishing messages that are challenging for users to identify as malicious. Several businesses are increasing technical efforts in critical areas, including network hardening, robust patching, anti-malware, ransomware detection applications, and multi-factor authentication to detect, prevent, and recover from potential threats. Despite that, these measures provide only a partial solution if the users who access the systems do not have good security awareness training. In this study, we review some cyber risks related to remote working and detail how they can be remediated through regular security awareness education campaigns (SAECs). The study presents the results of a proof of concept (PoC) experiment conducted to establish the value of regular SAECs in the fight against scams and phishing attacks against remote workers. The pilot results confirm that securing the remote office requires a robust SAEC. It argues that to be successful and help staff protect business systems and data, SAECs must be regular and varied, providing opportunities for staff to understand what to look for in suspicious scams and phishing emails. Moreover, they must provide opportunities for staff to practice their knowledge and understanding through practical exercises such as spam and phishing simulation exercises, which could help users avoid falling victim to spam and phishing emails.

computer science, information systems, theory & methods, software engineering

Laura Gamisch,Daniela Pöhn

DOI: https://doi.org/10.1145/3600160.3605006

2023-08-29

Abstract:Phishing is a major cyber threat to organizations that can cause financial and reputational damage, threatening their existence. The technical measures against phishing should be complemented by awareness training for employees. However, there is little validation of awareness measures. Consequently, organizations have an additional burden when integrating awareness training, as there is no consensus on which method brings the best success. This paper examines how awareness concepts can be successfully implemented and validated. For this purpose, various factors, such as requirements and possible combinations of methods, are taken into account in our case study at a small- and medium-sized enterprise (SME). To measure success, phishing exercises are conducted. The study suggests that pleasant campaigns result in better performance in the simulated phishing exercise. In addition, significant improvements and differences in the target groups could be observed. The implementation of awareness training with integrated key performance indicators can be used as a basis for other organizations.

Cryptography and Security

Indah Daila Sari,Dedy Hariyadi,Rama Sahtyawan,Netania Indi Kusumaningtyas

DOI: https://doi.org/10.30989/teknomatika.v16i2.1250

2023-12-08

Abstract:Phishing is a sort of cybercrime that involves obtaining sensitive information through the use of email, SMS, or compromised websites. The effects of phishing are caused by factors in the Technology Threat Avoidance Theory. The single best way to stop phishing attacks is to increase awareness of the risk of them happening among users or end users (human firewall). To determine the next steps in raising user knowledge, it is necessary to measure cybersecurity awareness, particularly against phishing assaults. Identify a few significant cybersecurity awareness of FTTI University of Jenderal Achmad Yani students in Yogyakarta. The investigation in this case included a phishing test and also employed online observation using observers who were asked questions based on the Technology Threat Avoidance Theory (TTAT). Using the MANOVA analysis method, factors influencing cybersecurity awareness analysis is conducted. Based on the analysis and testing of phishing tests as well as online questionnaires from the sample population, it shows that the sample is at a poor level of awareness. While the analysis of cybersecurity influence factors using the MANOVA analysis method shows that the results of the sig.> 0.05 value so that h0 is rejected. Based on the results of the study, it was concluded that FTTI students were still vulnerable to phishing attacks. Factor analysis using the MANOVA method shows that the dependent factor affects the level of cybersecurity awareness of the respondents but there is no significant difference between the dependent factors.

Alejandra Diaz,Alan T. Sherman,Anupam Joshi

DOI: https://doi.org/10.48550/arXiv.1811.06078

2018-11-15

Abstract:We present an observational study on the relationship between demographic factors and phishing susceptibility at the University of Maryland, Baltimore County (UMBC). In spring 2018, we delivered phishing attacks to 450 randomly-selected students on three different days (1,350 students total) to examine user click rates and demographics among UMBC's undergraduates. Participants were initially unaware of the study. Experiment 1 claimed to bill students; Experiment 2 enticed users with monetary rewards; and Experiment 3 threatened users with account cancellation. We found correlations resulting in lowered susceptibility based on college affiliation, academic year progression, cyber training, involvement in cyber clubs or cyber scholarship programs, time spent on the computer, and age demographics. We found no significant correlation between gender and susceptibility. Contrary to our expectations, we observed greater user susceptibility with greater phishing knowledge and awareness. Students who identified themselves as understanding the definition of phishing had a higher susceptibility than did their peers who were merely aware of phishing attacks, with both groups having a higher susceptibility than those with no knowledge of phishing. Approximately 59% of subjects who opened the phishing email clicked on its phishing link, and approximately 70% of those subjects who additionally answered a demographic survey clicked.

Cryptography and Security

C. D. Omorog,R. P. Medina

DOI: https://doi.org/10.48550/arXiv.2012.03669

2020-11-21

Cryptography and Security

Abstract:Purpose. This paper examines the Internet security perception of Filipinos to establish a need and sense of urgency on the part of the government to create a culture of cybersecurity for every Filipino. Method. A quantitative survey was conducted through traditional, online, and phone interviews among 252 respondents using a two-page questionnaire that covers basic demographic information and two key elements (1) Internet usage and (2) security practices. Results. Based on findings, there is a sharp increase in Internet users for the last three years (50%), and most access to the Internet through mobile (94.4%). Although at home is the most frequent location for Internet access (94.4%), a good percentage still use free WiFi access points available in malls (22.2%), restaurants (11.1%), and other public areas (38.9%) doing Internet services (email and downloading) that are vulnerable to cyberattacks. The study also revealed that although respondents may have good knowledge of Internet security software, proper implementation is very limited. Conclusion. Filipinos are susceptible to cyberattacks, particularly to phishing and malware attacks. Also, the majority of the respondents' Internet security perception is derivative: they practice online measures but with a limited understanding of the purpose. Therefore proper education, through training and awareness, is an effective approach to remedy the situation. Recommendations. The Philippine government must now take actions and tap industries to educate Filipinos about Internet security before any negative consequences happen in the future. Research Implications. The information collected sets a clear picture of the importance of cybersecurity awareness from a regional to a global perspective.

Salinee Thumronglaohapun,Benchalak Maneeton,Narong Maneeton,Sasikarn Limpiti,Natthaporn Manojai,Jeerayut Chaijaruwanich,Unyamanee Kummaraka,Ruethaichanok Kardkasem,Tanarat Muangmool,Suttipong Kawilapat,Kanokkarn Juntaping,Patrinee Traisathit,Pimwarat Srikummoon

DOI: https://doi.org/10.1371/journal.pone.0267702

IF: 3.7

2022-04-29

PLoS ONE

Abstract:The modern online society requires everyone, especially children and young people, to learn how to use the Internet. Cyberbullying is one misuse that can be detrimental to the cyberbullied individuals’ mental health and lifestyle, and it often ends up with the victim becoming depressed, fearful of society, and in the worst cases, suicidal ideation. The aim of this study is to investigate the awareness, perception, and perpetration of cyberbullying by high school students and undergraduates to find ways to prevent cyberbullying in the future. For this cross-sectional study, data were collected in 2020 from 14 schools throughout Thailand and 4 universities in Chiang Mai, Thailand, using two-stage sampling. Chi-squared tests were used to compare differences between the groups. Of the 2,683 high school students, girls perceived cyberbullying more than boys (81.6% vs. 75.4%; p <0.001), with those from the later academic years being more aware of cyberbullying ( p = 0.033) and more likely to conduct cyberbullying behavior ( p = 0.027). Of the 721 undergraduates, women were more aware of cyberbullying than men (92.1% vs. 82.7%; p <0.001). The most common cause of cyberbullying was aiming to tease the target (67.6% of high school students vs. 82.5% of undergraduates). The most commonly cyberbullying victimization was sending mocking or rebuking messages (29.6% of high school students and 39.6% of undergraduates). The most popular solutions for cyberbullying were to avoid leaving a trace on social media and be with friends who accept who you are. Our findings show that most of the cyberbullying perpetrators did not consider that their actions would have serious consequences and only carried out cyberbullying because of wanting to tease their victims. This is useful information for the cyberbullying solution center, teachers, and parents to recognize how to make the students realize the effects of cyberbullying on the victims.

multidisciplinary sciences

Tian Lin,Daniel E. Capecci,Donovan M. Ellis,Harold A. Rocha,Sandeep Dommaraju,Daniela S. Oliveira,Natalie C. Ebner

DOI: https://doi.org/10.1145/3336141

2019-10-31

Abstract:Phishing is fundamental to cyber attacks. This research determined the effect of Internet user age and email content such as weapons of influence (persuasive techniques that attackers can use to lure individuals to fall for an attack) and life domains (a specific topic or aspect of an individual's life that attackers can focus an email on) on spear-phishing (targeted phishing) susceptibility. In total, 100 young and 58 older users received, without their knowledge, daily simulated phishing emails over 21 days. A browser plugin recorded their clicking on links in the emails as an indicator of their susceptibility. Forty-three percent of users fell for the simulated phishing emails, with older women showing the highest susceptibility. While susceptibility in young users declined across the study, susceptibility in older users remained stable. The relative effectiveness of the attacks differed by weapons of influence and life domains with age-group variability. In addition, older compared to young users reported lower susceptibility awareness. These findings support effects of Internet user demographics and email content on susceptibility to phishing and emphasize the need for personalization of the next generation of security solutions.

computer science, information systems, cybernetics

Yi Yong Lee,Chin Lay Gan,Tze Wei Liew

DOI: https://doi.org/10.3390/ijerph20043514

2023-02-16

Abstract:Context: The cause of cybercrime phishing threats in Malaysia is a lack of knowledge and awareness of phishing. Objective: The effects of self-efficacy (the ability to gain anti-phishing knowledge) and protection motivation (attitude toward sharing personal information online) on the risk of instant messaging phishing attacks (phishing susceptibility) are investigated in this study. The protection motivation theory (PMT) was tested in the context of attitudes toward sharing personal information online with a view to improving interventions to reduce the risk of phishing victimisation. Methods: Data were collected using non-probability purposive sampling. An online survey of 328 Malaysian active instant messaging users was collected and analysed in SmartPLS version 4.0.8.6 using partial least squares structural equation modelling. Results: The results showed that a person's cognitive factor (either high or low self-efficacy) affected their chance of being a victim of instant message phishing. A higher level of self-efficacy and a negative attitude towards sharing personal information online were significant predictors of phishing susceptibility. A negative attitude towards sharing personal information online mediated the relationship between high levels of self-efficacy and phishing susceptibility. A higher level of self-efficacy led to the formation of negative attitudes among internet users. Attitudes toward the sharing of personal information online are critical because they allow phishing attempts to exist and succeed. Conclusions: The findings give government agencies more information on how to organise anti-phishing campaigns and awareness programmes; awareness and education can improve one's ability to acquire anti-phishing knowledge (self-efficacy).

Temitayo Oluwaseun Abrahams,Oluwatoyin Ajoke Farayola,Simon Kaggwa,Prisca Ugomma Uwaoma,Azeez Olanipekun Hassan,Samuel Onimisi Dawodu

DOI: https://doi.org/10.51594/csitrj.v5i1.708

2024-01-11

Computer Science & IT Research Journal

Abstract:As organizations continue to grapple with the escalating threat landscape of cyber-attacks, the imperative to fortify their cybersecurity defenses becomes increasingly paramount. This review delves into the critical realm of cybersecurity awareness and education programs, focusing on the pivotal factors of employee engagement and accountability. The effectiveness of these programs in cultivating a cyber-resilient workforce is scrutinized through an extensive examination of existing literature, empirical studies, and industry practices. The review begins by exploring the foundational elements of cybersecurity awareness programs, elucidating the significance of imparting knowledge and instilling a culture of vigilance among employees. It examines the diverse methodologies employed in these programs, ranging from interactive workshops and simulated phishing exercises to online modules and gamified learning platforms. A comparative analysis of these approaches sheds light on their respective strengths and limitations. A central theme of this review revolves around the nexus between employee engagement and cybersecurity resilience. It delves into the psychological and behavioral aspects of engagement, assessing how motivational factors and tailored learning experiences contribute to heightened cybersecurity awareness. The impact of organizational culture and leadership support on fostering a sense of responsibility among employees is also explored, emphasizing the need for a holistic approach that transcends mere compliance. Furthermore, the review investigates the role of accountability in sustaining the efficacy of cybersecurity initiatives. It examines the mechanisms employed by organizations to enforce adherence to security policies and protocols, emphasizing the role of robust monitoring systems, clear communication channels, and consequence management. Case studies and real-world examples are integrated to illustrate instances of successful accountability frameworks and their influence on overall cybersecurity posture. This review synthesizes key findings and identifies emerging trends in cybersecurity awareness and education programs, with a particular focus on optimizing employee engagement and fostering a culture of accountability. The insights gleaned from this analysis provide a roadmap for organizations seeking to fortify their defenses against evolving cyber threats by cultivating a vigilant and proactive workforce. Keywords: Cybersecurity, Education, Cyber threat, Employee engagement, Accountability.

Marten de Bruin,Konstantinos Mersinas

2024-05-29

Abstract:Cyber security incidents are increasing and humans play an important role in reducing their likelihood and impact. We identify a skewed focus towards technical aspects of cyber security in the literature, whereas factors influencing the secure behaviour of individuals require additional research. These factors span across both the individual level and the contextual level in which the people are situated. We analyse two datasets of a total of 37,075 records from a) self-reported security behaviours across the EU, and b) observed phishing-related behaviours from the industry security awareness training programmes. We identify that national culture, industry type, and organisational security culture play are influential Variables (antecedents) of individuals' security behaviour at contextual level. Whereas, demographics (age, gender, and level or urbanisation) and security-specific factors (security awareness, security knowledge, and prior experience with security incidents) are found to be influential variables of security behaviour at individual level. Our findings have implications for both research and practice as they fill a gap in the literature and provide concrete statistical evidence on the variables which influence security behaviour. Moreover, findings provides practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour. Consequently, organisations can tailor their security training and awareness efforts (e.g., through behaviour change interventions and/or appropriate employee group profiles), adapt their communications (e.g., of information security policies), and customise their interventions according to national culture characteristics to improve security behaviour.

Cryptography and Security

Shahryar Baki,Rakesh Verma

DOI: https://doi.org/10.48550/arXiv.2109.04661

2021-09-10

Abstract:Several previous studies have investigated user susceptibility to phishing attacks. A thorough meta-analysis or systematic review is required to gain a better understanding of these findings and to assess the strength of evidence for phishing susceptibility of a subpopulation, e.g., older users. We aim to determine whether an effect exists; another aim is to determine whether the effect is positive or negative and to obtain a single summary estimate of the effect. OBJECTIVES: We systematically review the results of previous user studies on phishing susceptibility and conduct a meta-analysis. METHOD: We searched four online databases for English studies on phishing. We included all user studies in phishing detection and prevention, whether they proposed new training techniques or analyzed users' vulnerability. FINDINGS: A careful analysis reveals some discrepancies between the findings. More than half of the studies that analyzed the effect of age reported no statistically significant relationship between age and users' performance. Some studies reported older people performed better while some reported the opposite. A similar finding holds for the gender difference. The meta-analysis shows: 1) a significant relationship between participants' age and their susceptibility 2) females are more susceptible than males 3) users training significantly improves their detection ability

Cryptography and Security,Human-Computer Interaction

Talal Alharbi,Asifa Tassaddiq

DOI: https://doi.org/10.3390/bdcc5020023

2021-05-10

Big Data and Cognitive Computing

Abstract:Information exchange has become increasingly faster and efficient through the use of recent technological advances, such as instant messaging and social media platforms. Consequently, access to information has become easier. However, new types of cybersecurity threats that typically result in data loss and information misuse have emerged simultaneously. Therefore, maintaining data privacy in complex systems is important and necessary, particularly in organizations where the vast majority of individuals interacting with these systems is students. In most cases, students engage in data breaches and digital misconduct due to the lack of knowledge and awareness of cybersecurity and the consequences of cybercrime. The aim of this study was to investigate and evaluate the level of cybersecurity awareness and user compliance among undergraduate students at Majmaah University using a scientific questionnaire based on several safety factors for the use of the Internet. We quantitatively evaluated the knowledge of cybercrime and protection among students to show the need for user education, training, and awareness. In this study, we used a quantitative research methodology and conducted different statistical tests, such as ANOVA, Kaiser–Meyer–Olkin (KMO), and Bartlett’s tests, to evaluate and analyze the hypotheses. Safety concerns for electronic emails, computer viruses, phishing, forged ads, popup windows, and supplementary outbreaks on the Internet were well-examined in this study. Finally, we present recommendations based on the collected data to deal with this common problem.

Fiona Carroll,John Ayooluwa Adejobi,Reza Montasari

DOI: https://doi.org/10.1007/s42979-022-01069-1

Abstract:Phishing attacks are on the increase. The fact that our ways of living, studying and working have drastically changed as a result of the COVID pandemic (i.e., almost everything being done online) has created many new cyber security concerns. In particular, with the move to remote working, the number of phishing emails threatening employees has increased. The 2020 Phishing Attack Landscape Report (Greathorn: 2020 Phishing attack landscape. https://info.greathorn.com/report-2020-phishing-attack-landscape/, 2020) highlights a sharp increase in the frequency of attempted phishing attacks. In this paper, we are interested in how the phishing email attack has evolved to this very threatening state. In detail, we explore the current phishing attack characteristics especially the growing challenges that have emerged as a result of the COVID-19 pandemic. The paper documents a study that presented test participants with five different categories of emails (including phishing and non phishing) . The findings from the study show that participants, generally, found it difficult to detect modern phishing email attacks. Saying that, participants were alert to the spelling mistakes of the older phishing email attacks, sensitive information being requested from them and any slight change to what they were normally used to from an email. Moreover, we have found that people were not confident, worried and often dissatisfied with the current technologies available to protect them against phishing emails. In terms of trust, these feelings alerted us to the increasing severity of the phishing attack situation and just how vulnerable society has become/ still is.

Ashley Sheil,Jacob Camilleri,Moya Cronin,Melanie Gruben,Michelle O Keefe,Hazel Murray,Sanchari Das

2024-10-21

Abstract:The term `Digital Divide' emerged in the mid-1990s, highlighting the gap between those with access to emerging information technologies and those without. This gap persists for older adults even in the 21st century. To address this, our study focused on how older adults in Ireland can feel safer online. We conducted a two-phase study. In Phase I, 58 participants used Dot Voting to identify top cyber-security priorities, including password management, privacy, and avoiding scams. This informed Phase II, where we held focus groups with 31 participants from rural and urban communities in Ireland. Researchers provided tailored advice through presentations and leaflets, followed by open discussions. Our findings show that, despite being highly aware of cyber-scams, older adults remain very concerned about them. Participants expressed hesitation about using online password managers and two-factor authentication but valued advice on privacy and tools that can help them feel more in control online.

Human-Computer Interaction,Computers and Society