Phishing for phishing awareness

Using various social-engineering techniques, criminals wreak havoc on the Internet and defraud many people in a number of different ways. This puts various organisational communities at risk. It is therefore important that people within such communities learn how to protect themselves when active in cyberspace or when dealing with cyber-related technologies. Training can play a big role in this regard and, consequently, assist by altering the insecure behaviour of many people. The objective of this article is to ascertain whether simulating phishing attacks together with embedded training can contribute towards cultivating users’ resistance towards ‘phishing attacks’. In order to achieve this objective, a phishing exercise was conducted at an institution in South Africa.
