Acta Informatica Pragensia 2018, 7(2), 138-151 | DOI: 10.18267/j.aip.1194904

A Users’ Awareness Study and Influence of Socio-Demography Perception of Anti-Phishing Security Tips

Abdul Orunsolu1, Omorinola Afolabi2, Simon Sodiya3, Adio Akinwale3
1 Department of Computer Science, Moshood Abiola Polytechnic, Ojere, P.M.B. 2210, Abeokuta, Nigeria
2 Department of General Studies, Moshood Abiola Polytechnic, Ojere, P.M.B. 2210, Abeokuta, Nigeria
3 Department of Computer Science, Federal University of Agriculture, Alabata, P.M.B 2240, Abeokuta, Nigeria

Security tips are now used as a method of priming online users from falling prey for fraudulent scams. These security tips usually come as email, SMS or online posts where they can be easily accessed by the users. In this work, phishing attacks are simulated with varying cues that are available in such fraudulent email messages, SMS and web pages were used to investigate the effectiveness of the security tips used by Nigerian banks to prime their customers of online threats. A total of 427 respondents, purposively selected from three tertiary institutions in Ogun State, participated in the study. Each respondent was asked to identify five messages with varying phishing cues to evaluate their understanding of the security tips messages. The results which were computed at 95% Confidence Interval, indicated that 58.91% failed on the first attribute, 58.59% failed on the second attribute while 58.73% failed on the third attribute. 74.24% of the participant could not correctly identify a fake email message (fourth attribute) while 76.71% could not correctly identify a phished bank verification number update message (fifth attribute). Using the Mann Whitney Test, the result further showed that overall, those who failed the test are significantly more than those who passed. Moreover, a regression model is proposed to evaluate the influence of the socio demographic factors used in the study. This result indicated that gender, academic qualification and user's computer knowledge significantly influences their ability to recognize phished messages.

Keywords: Anti-phishing, Electronic commerce, Phishing cues, Security tips, User awareness

Received: August 7, 2018; Accepted: November 4, 2018; Prepublished online: November 4, 2018; Published: December 31, 2018  Show citation

ACS AIP APA ASA Harvard Chicago Chicago Notes IEEE ISO690 MLA NLM Turabian Vancouver
Orunsolu, A., Afolabi, O., Sodiya, S., & Akinwale, A. (2018). A Users’ Awareness Study and Influence of Socio-Demography Perception of Anti-Phishing Security Tips. Acta Informatica Pragensia7(2), 138-151. doi: 10.18267/j.aip.119
Download citation

References

  1. Alsharnouby, M., Alaca, F., & Chiasson, S. (2015). Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82, 70-82. doi: 10.1016/j.ijhcs.2015.05.005 Go to original source...
  2. APWG. (2017). APWG Phishing Attack Trends Reports. Anti-Phishing Working Group. Retrieved August 27, 2018, from: https://www.antiphishing.org/resources/apwg-reports/
  3. Arachchilage N., & Love S. (2013). A game design framework for avoiding phishing attacks. Computers in Human Behavior, 29(3), 706-714. doi: 10.1016/j.chb.2012.12.018 Go to original source...
  4. Dhamija, R., Tygar, J.D. & Hearst, M. (2006). Why phishing works. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 581-590). New York: ACM. doi: 10.1145/1124772.1124861 Go to original source...
  5. Downs, J.S., Holbrook, M.B. & Cranor, L.F. (2006). Decision strategies and susceptibility to phishing. In Proceedings of the second symposium on Usable privacy and security (pp. 79-90). New York: ACM. doi: 10.1145/1143120.1143131 Go to original source...
  6. Hong, J. (2012). The state of phishing attacks. Communication of the ACM, 55(1), 74-81. doi: 10.1145/2063176.2063197 Go to original source...
  7. Jagatic, T., Johnson, N., Jakobsson, M. & Menczer, F. (2007). Social Phishing. Communications of the ACM, 50(10), 94-100. doi: 10.1145/1290958.1290968 Go to original source...
  8. Jakobsson, M. & Myers, S. A. (2007). Phishing and Countermeasures: Understanding the increasing problem of identity theft. New York: John Wiley & Sons. Go to original source...
  9. Konradt, C., Schilling, A., & Werners, B. (2016). Phishing: An economic analysis of cybercrime perpetrators. Computers & Security, 58, 39-46. doi: 10.1016/j.cose.2015.12.001 Go to original source...
  10. Kumaraguru, P., Rhee, Y.W., Acquisti, A., Cranor, L., Hong, J., & Nunge, E. (2007). Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 905-914). New York: ACM. doi: 10.1145/1240624.1240760 Go to original source...
  11. Li, Y., Yang, L. & Ding, J. (2016). A minimum enclosing ball-based support vector machine approach for detection of phishing websites. Optik - International Journal for Light and Electron Optics, 127(1), 345-351. doi: 10.1016/j.ijleo.2015.10.078 Go to original source...
  12. Lin, J., & Lu T. (2000). Towards an understanding of the behavioral intention to use a website. International Journal of Information Management, 20(3), 197-208. doi: 10.1016/S0268-4012(00)00005-0 Go to original source...
  13. Longe, T. (2014). Ensuring Information Security Assurance through Policy Framework. In Proceedings of the First National Cyber Security Forum. Nigeria: Punch News.
  14. Maurer, M., & Hofer, L. (2012). Sophisticated Phishers Make More Spelling Mistakes: Using URL Similarity Against Phishing. In Cyberspace Safety and Security (pp. 414-426). Berlin: Springer. doi: 10.1007/978-3-642-35362-8_31 Go to original source...
  15. Neupane, A., Rahman, L., Saxena, N., & Hirshfield, L. (2015). A Multi-Modal Neuro-Physiological Study of Phishing Detection and Malware Warning. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 479-491). New York: ACM. doi: 10.1145/2810103.2813660 Go to original source...
  16. Orunsolu, A.A, Alaran, M.A, Bamgboye, O.O, Sodiya, A.S., & Omorinola, A.O. (2016). A User's Awareness Study of Anti-Phishing Security Tips. In Proceedings of the 2nd International Conference on Intelligent Computing and Emerging Technologies (pp. 46-55). Ilisan-Remo: Babcock University.
  17. PandaLabs Report. (2012). PandaLabs Annual Report - 2012. Retrieved September 30, 2018, from: https://www.pandasecurity.com/mediacenter/social-media/pandalabs-annual-report-2012/
  18. Parsons, K., McCormac, A., Pattinson, M., Butavicius, M., & Jerram, C. (2015). The design of phishing studies: Challenges for researchers. Computers & Security, 52, 194-206. doi: 10.1016/j.cose.2015.02.008 Go to original source...
  19. Ramanathan V., & Wechsler H. (2013). Phishing detection and impersonated entity discovery using Conditional Random Field and Latent Dirichlet Allocation. Computers & Security, 34, 123-139. doi: 10.1016/j.cose.2012.12.002 Go to original source...
  20. Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F. & Downs, J. (2010). Who falls for phish?: A demographic analysis of phishing susceptibility and the effectiveness of interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 373-382). New York: ACM. doi: 10.1145/1753326.1753383 Go to original source...
  21. Vishwanath, A. (2016). Mobile device affordance: Explicating how smartphones influence the outcome of phishing attacks. Computers in Human Behavior, 63, 198-207. doi: 10.1016/j.chb.2016.05.035 Go to original source...

This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.