An Assessment of End-user Vulnerability to Phishing Attacks


Phishing has grown to become a significant threat to unsuspecting Internet users. This paper investigates user susceptibility to such attacks by assessing the degree to which they can differentiate between phishing messages and those that are genuine. A web-based survey was used to present a mix of 20 legitimate and illegitimate emails, and participants were asked to classify them and explain the rationale for their decisions. A total of 179 participants were involved in the study, and results reveal that they were 36% successful in identifying legitimate emails and 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.


Computer Engineering and Communications, John Moores University, Liverpool

Athanasios Karakasiliotis was born in Athens, Greece, and studied Computer Engineering and Communications at John Moores University in Liverpool, UK. After his graduation in July 2005, he attended the MRes Information System Security course at the University of Plymouth, UK (2005-2006), where he was a researcher within the Network Research Group. His current interests include security awareness of Internet users in social engineering and phishing attacks.

Network Research Group, University of Plymouth, UK;
Adjunct Associate Professor, Edith Cowan University, Western Australia

Prof. Steven Furnell is the head of the Network Research Group at the University of Plymouth in the United Kingdom, and an Adjunct Associate Professor with Edith Cowan University in Western Australia. He specialises in computer security and has been actively researching in the area for fourteen years, with current areas of interest including security management, computer crime, user authentication, and security usability.

Prof. Furnell is a Fellow and Branch Chair of the British Computer Society (BCS), a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE), and a UK representative in International Federation for Information Processing (IFIP) working groups relating to Information Security Management (of which he is the current chair), Network Security, and Information Security Education. He is the author of over 160 papers in refereed international journals and conference proceedings, as well as the books Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). Further details can be found at

Network Research Group of Engineering, University of Plymouth

Maria Papadaki was born in Iraklio, Crete, Greece, and studied Informatics at the Technological Educational Institute (T.E.I.) of Athens. After her graduation in November 1997, she worked for two years for the Library and the Network Operating Centre of the Athens School of Fine Arts. Funded by the State Scholarships Foundation (SSF) of Engineering at University of Plymouth, UK, and is currently a PhD student within the Network Research Group of the University. Current interests include intrusion detection and methods of automated system response.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
