Phishing for phishing awareness

  • Kenny Olof Robert Jansson, Rossouw von Solms
  • Published 1 June 2013
  • Computer Science
  • Behaviour & Information Technology, pages 584-593
Using various social-engineering techniques, criminals run havoc on the Internet and defraud many people in a number of different ways. This puts various organisational communities at risk. Therefore, it is important that people within such communities should learn how to protect themselves when active in cyberspace, or when dealing with cyber-related technologies. Training can indeed play a big role in this regard, and consequently, assist by altering the insecure behaviour of many people. The… 
Human Factors in Phishing Attacks: A Systematic Literature Review
A systematic literature review conducted to draw a “big picture” of the most important research works performed on human factors and phishing helps in understanding how human factors should be considered to defend against phishing attacks.
Phishing and Organisational Learning
This paper describes a practical phishing experiment that was conducted at a large organisation and shows how a learning process was initiated and how security incidents such as phishing can be used successfully for both single and double-loop learning.
Spear phishing in a barrel: Insights from a targeted phishing campaign
The results indicate that training users with individual loss messaging might increase the effectiveness of the training, and potential evidence is found that organizational training can lead to increased overall spear phishing awareness, even for those not directly trained.
Influencing Outcomes and Behaviors in Simulated Phishing Exercises
It is found that behavior-based controls were more successful in reducing susceptibility to phishing, primarily when implemented as targeted training that was repeated multiple times.
A Framework to Protect Against Phishing Attacks
A framework to protect against phishing attacks by enhancing the users' awareness to detect phishing attacks is presented, which has two major components: animation videos for training awareness and a gamification part to assess the delivered knowledge.
Using Intervention Mapping to Breach the Cyber-Defence Deficit
This paper proposes using a technique borrowed from the health arena, “Intervention Mapping”, to target security awareness training more effectively, and opens a discourse in the community about how to arrive at more effective awareness-raising endeavours.
This paper, based on recent literature, first gives a general overview of social engineering as a means for phishing and then evaluates how awareness as a preventive measure is considered effective in the selected literature.
Developing a measure of information seeking about phishing
Higher perceived threat severity, self-efficacy and response efficacy were associated with greater intentions, while greater perceived vulnerability was associated with lower intentions and no relationship was found with phishing discrimination ability.
The Role of Health Concerns in Phishing Susceptibility: Survey Design Study
This study shed light on the danger of higher health concerns in enabling the number one cybercrime, and highlighted the importance of personality-based factors in phishing attacks.
Baiting the hook: factors impacting susceptibility to phishing attacks
Gender and the years of PC usage have a statistically significant impact on the detection rate of phishing; pop-up based attacks have a higher rate of success than the other tested strategies; and, the psychological anchoring effect can be observed in phishing as well.


Identity Theft - Empirical evidence from a Phishing Exercise
The findings of this phishing experiment are presented, showing alarming results on staff behavior; educational and awareness activities pertaining to email environments are of utmost importance to manage the increased risks of identity theft.
Teaching Johnny not to fall for phish
The results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.
The state of phishing
Phishing for user security awareness
Measuring Resistance to Social Engineering
A real life SE experiment involving 120 participants has been completed and suggests that SE may indeed represent an Achilles heel, and there needs to be a SE resistance metric.
Fostering E-Mail Security Awareness: The West Point Carronade
An e-mail security awareness exercise called the West Point Carronade was designed and developed as a proof-of-concept response to this need to make sure cadets were practicing good e-mail security, and was designed to point out this security awareness deficiency.
Social Engineering: Towards A Holistic Solution
This paper presents guidance in the form of a flowchart, which should give employees some guidance on how to act when faced with a potential Social Engineering attack and should reduce the risk related to Social Engineering significantly.
School of phish: a real-world evaluation of anti-phishing training
Results of this study show that users trained with PhishGuru retain knowledge even after 28 days; adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and training does not decrease users' willingness to click on links in legitimate messages.
Social Engineering and its Countermeasures
A taxonomy for classifying social engineering attacks along four dimensions is introduced: who or what the targets are, what media are used, how the attacks fit in an attack cycle, and the techniques used to execute the attacks.