This item is available under a Creative Commons License for non-commercial use only
In the past 25 years, the internet has grown and evolved from a niche networking technology, used almost exclusively by researchers and enthusiasts, into the driving force of modern economies. Fraud has evolved too, with rates of cybercrime on the increase as criminals become increasingly sophisticated in using technology to deceive their victims. The world is an online place, and data is the new oil. Phishing is a form of social engineering that is not that different from traditional fraud. Phishing attackers try to trick their victims into revealing valuable private information, usually for financial gain, by posing as a legitimate, trusted entity through the use of technical and contentrelated deceptions. There have been several high profile data breaches in the last number of years, and these usually begin with a successful phishing attack. At the other end of the spectrum, private individuals regularly fall victim to smaller phishing crimes, the majority of which are never reported. A lot of research has been done to identify exactly who falls for a phishing scam, identifying four categories: 1. Demographics, 2. Experience, 3. Attitude to Privacy and 4. Computer SelfEfficacy. The existing body of knowledge, however, is inconclusive regarding what groups within these categories are most at risk. This study seeks to better understand what factors influence a person’s susceptibility to phishing attacks, revisiting existing research but in a climate where even the most basic internet user is now aware of cybercrime and using a large and diverse sample of participants. In addition, the study investigates if respondents from different groups rely more or less on technical or nontechnical slues when evaluating the legitimacy of an email. The study was conducted over a period of several weeks, and over two hundred participants completed a survey and phishing test where they were asked to evaluate the legitimacy of ten emails presented as screenshots and accompanied by a scenario describing the context within which the email was received. The results of the survey and test were analysed to identify any statistically significant information. Results from the study indicate that factors of demographics and computer self-efficacy may have a significant impact on user susceptibility to phishing. Information regarding the relevance of experience and attitude to privacy were inconclusive. The investigation into how respondents were processing information found no significant difference between the best and worst performers across all categories however the group of respondents, as a whole, were more successful at identifying content-based deception over technical deception by a marginal amount.
Marriott, Charlie (2018). Through the net: investigating how user characteristics influence susceptibility to phishing. Masters dissertation, DIT, 2018.