An Assessment of End-user Vulnerability to Phishing Attacks

ABSTRACT

Phishing has grown to become a significant threat to unsuspecting Internet users. This paper investigates user susceptibility to such attacks by assessing the degree to which they can differentiate between phishing messages and those that are genuine. A web-based survey was used to present a mix of 20 legitimate and illegitimate emails, and participants were asked to classify them and explain the rationale for their decisions. A total of 179 participants were involved in the study, and results reveal that they were 36% successful in identifying legitimate emails and 45% successful in spotting illegitimate ones.  Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.  


AUTHORS

Computer Engineering and Communications, John Moores University, Liverpool
UK

Athanasios Karakasiliotis was born in Athens, Greece, and studied Computer Engineering and Communications in John Moores University in Liverpool, UK. After his graduation in July 2005, he attended the MRes Information System Security course at University of Plymouth, UK (2005-2006), where he was a researcher within the Network Research Group. His current interests include security awareness of Internet users in social engineering and phishing attacks.

Photo of Professor Steve Furnell

School of Computer Science University of Nottingham,
Nottingham, United Kingdom

Steven Furnell is a professor of cyber security at the University of Nottingham. He is also an Honorary Professor with Nelson Mandela University in South Africa and an Adjunct Professor with Edith Cowan University in Western Australia. His research interests include: usability of security and privacy, security management and culture, and technologies for user authentication and intrusion detection. He has authored over 340 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society and Computer Insecurity: Risking the System. Prof. Furnell is the Chair of Technical Committee 11 (security and privacy) within the International Federation for Information Processing, and a board member of the Chartered Institute of Information Security.

Network Research Group of Engineering, University of Plymouth
UK

Maria Papadaki was born in Iraklio of Crete, Greece and studied Informatics in the Technological Educational Institute (T.E.I.) of Athens. After her graduation in November 1997, she worked for two years for the Library and the Network Operating Centre of the Athens School of Fine Arts. Funded by the State Scholarships Foundation (SSF) of Engineering at University of Plymouth, UK, and is currently a PhD student within the Network Research Group of the University. Current interests include intrusion detection and methods of automated system response.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Principal Office

  • Journal of Information Warfare
  • ArmisteadTEC
  • 525 Landfall Arch,
  • Virginia Beach, VA 23462

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com