Document Type : Articles

Authors

1 Arba Minch University

2 Ethiopian Civil Service University

Abstract

Although email and websites are widely used for communication, collaboration, and day-to-day activity, not all online users have the same knowledge and skills when determining the credibility of visited websites and email content. As a result, phishing, an identity theft cyber-attack that targets humans rather than computers, emerged to harvest internet users' confidential information by taking advantage of human behavior, hurting an organization's continuity, reputation, and credibility. Because the success of phishing attacks depends on human behavior, this study uses the Health-Belief Model to examine the significant factors that influence online users' security behavior in the context of email and website-based phishing attacks. The model included eight predictor variables and was validated using quantitative data from 138 academic staff. The findings show that 4 out of 8 predictor variables, namely Perceived-Barriers, Perceived-Susceptibility, Self-efficacy, and Security-Awareness, are statistically significant in determining users' security behavior. The study's outcome is intended to assist in the appropriate design of both online and offline content for cyber security awareness programs, focusing on email and website-based phishing attacks.
