Show simple item record

AuthorAhmed, Aleroud
AuthorAbu-Shanab, Emad
AuthorAl-Aiad, Ahmad
AuthorAlshboul, Yazan
Available date2022-10-24T09:59:28Z
Publication Date2020-09-26
Publication NameJournal of Information Security and Applications
Identifierhttp://dx.doi.org/10.1016/j.jisa.2020.102614
CitationAleroud, A., Abu-Shanab, E., Al-Aiad, A., & Alshboul, Y. (2020). An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities. Journal of Information Security and Applications, 55, 102614.
ISSN2214-2126
URIhttps://www.sciencedirect.com/science/article/pii/S2214212620307791
URIhttp://hdl.handle.net/10576/35380
AbstractPurposeSpear phishing is a fraudulent practice that targets specific and well-researched users in an organization to collect their credentials. Previous studies have addressed the underlying drivers that significantly influence susceptibility to spear phishing. However, findings may not be generalized to other cultures and environments such as the developing Non-English-speaking countries. To fill this knowledge gap, this research investigated the drivers that affect susceptibility to spear phishing in the Middle Eastern culture. We proposed and tested a theoretical model that explains users' behavior toward phishing material in the context of Non-English-speaking countries. Design/Methodology/ApproachWe created the proposed model relying on the perceived risk theory, the theory of planned behavior, and the OSIR decision making model. The proposed model addressed the impact of information privacy risks, information security risks, and information security knowledge on the susceptibility to spear phishing attacks through the moderating trust construct. The study was conducted in Jordan, a developing and Non-English-speaking country in the Middle East. We designed a lab experiment to evaluate the robustness of the proposed model based on a multistage research, where 83 university students used a phishing website then answered a related survey. Collected data were empirically tested and evaluated using Partial Least Square Analysis and Structural Equation Modeling. FindingsThe results demonstrated the influence of the identified factors on the susceptibility to spear phishing. The study may provide an assistance in evaluating and selecting tools, methods and features for handling targeted types of phishing. Originality/ValueThere are several novel aspects in this study. 1) the experimental nature of study, where we used a real-life spear phishing scenario. 2) the nature of the targeted websites. We created spoofed pages of two webpages that provide academic activities, where students’ level of trust in those websites is likely higher than other websites. 3) the investigation of the mediation role of trust construct, particularly within a university environment, is a new direction in susceptibility to spear phishing. Unlike existing models that measure the direct effect of personality characteristics on phishing susceptibility, our model introduces trust attitude as an aggregation of positive and negative security-privacy interpretations. Finally, the study was conducted in a developing country environment where the Arabic Language is used in initiating and executing the attack.
Languageen
PublisherElsevier
SubjectSpear phishing
Phishing susceptibility
Social engineering
Security risk
Privacy risk
Trust
non-English-speaking countries
TitleAn examination of susceptibility to spear phishing cyber attacks in non-English speaking communities
TypeArticle
Volume Number55
ESSN2214-2134
dc.accessType Full Text


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record