عرض بسيط للتسجيلة

المؤلفAhmed, Aleroud
المؤلفAbu-Shanab, Emad
المؤلفAl-Aiad, Ahmad
المؤلفAlshboul, Yazan
تاريخ الإتاحة2022-10-24T09:59:28Z
تاريخ النشر2020-09-26
اسم المنشورJournal of Information Security and Applications
المعرّفhttp://dx.doi.org/10.1016/j.jisa.2020.102614
الاقتباسAleroud, A., Abu-Shanab, E., Al-Aiad, A., & Alshboul, Y. (2020). An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities. Journal of Information Security and Applications, 55, 102614.
الرقم المعياري الدولي للكتاب2214-2126
معرّف المصادر الموحدhttps://www.sciencedirect.com/science/article/pii/S2214212620307791
معرّف المصادر الموحدhttp://hdl.handle.net/10576/35380
الملخصPurposeSpear phishing is a fraudulent practice that targets specific and well-researched users in an organization to collect their credentials. Previous studies have addressed the underlying drivers that significantly influence susceptibility to spear phishing. However, findings may not be generalized to other cultures and environments such as the developing Non-English-speaking countries. To fill this knowledge gap, this research investigated the drivers that affect susceptibility to spear phishing in the Middle Eastern culture. We proposed and tested a theoretical model that explains users' behavior toward phishing material in the context of Non-English-speaking countries. Design/Methodology/ApproachWe created the proposed model relying on the perceived risk theory, the theory of planned behavior, and the OSIR decision making model. The proposed model addressed the impact of information privacy risks, information security risks, and information security knowledge on the susceptibility to spear phishing attacks through the moderating trust construct. The study was conducted in Jordan, a developing and Non-English-speaking country in the Middle East. We designed a lab experiment to evaluate the robustness of the proposed model based on a multistage research, where 83 university students used a phishing website then answered a related survey. Collected data were empirically tested and evaluated using Partial Least Square Analysis and Structural Equation Modeling. FindingsThe results demonstrated the influence of the identified factors on the susceptibility to spear phishing. The study may provide an assistance in evaluating and selecting tools, methods and features for handling targeted types of phishing. Originality/ValueThere are several novel aspects in this study. 1) the experimental nature of study, where we used a real-life spear phishing scenario. 2) the nature of the targeted websites. We created spoofed pages of two webpages that provide academic activities, where students’ level of trust in those websites is likely higher than other websites. 3) the investigation of the mediation role of trust construct, particularly within a university environment, is a new direction in susceptibility to spear phishing. Unlike existing models that measure the direct effect of personality characteristics on phishing susceptibility, our model introduces trust attitude as an aggregation of positive and negative security-privacy interpretations. Finally, the study was conducted in a developing country environment where the Arabic Language is used in initiating and executing the attack.
اللغةen
الناشرElsevier
الموضوعSpear phishing
Phishing susceptibility
Social engineering
Security risk
Privacy risk
Trust
non-English-speaking countries
العنوانAn examination of susceptibility to spear phishing cyber attacks in non-English speaking communities
النوعArticle
رقم المجلد55
ESSN2214-2134
dc.accessType Full Text


الملفات في هذه التسجيلة

Thumbnail

هذه التسجيلة تظهر في المجموعات التالية

عرض بسيط للتسجيلة