The human factor in phishing
We discuss the importance of understanding psychological aspects of phishing, and review some recent findings. Given these findings, we critique some commonly used security practices and suggest and review alternatives, including educational approaches. We suggest a...
Social phishing
This study aimed to reveal a baseline level of phishing success, finding a success rate of 16% when phishing emails were sent from unknown senders, rising to a full 72% when phishing emails appeared to be from known senders.
Assessing the security perceptions of personal internet users
Personal Internet users are increasingly finding themselves exposed to security threats during their use of home PC systems. However, concern can be raised about users’ awareness of these problems, and the extent to which they are consequently protected and equipped...
Phishing: Can we spot the signs?
Dr Steven Furnell at Plymouth University has conducted research that looks at why some computer users still can't tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and examines...
Fear appeal messages affect accessibility of attitudes toward the threat and adaptive behaviors
Fear appeals have long been used in persuasive messages to motivate people to perform adaptive behaviors. This research explored the influence of a fear appeal message concerning breast cancer on attitude accessibility. Messages advocating the efficacy of breast...
A video game for cyber security training and awareness
Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do...
User security behavior on wireless networks: An empirical study
Wireless networks are rapidly becoming ubiquitous but are often insecure and leave users responsible for their own security. We empirically study whether users are successfully securing their client computers when using wireless networks. Automated techniques are used...
Human vulnerabilities in security systems
This whitepaper discusses human vulnerabilities in full, including what they are, why they occur, how they can be mitigated, the challenges of mitigation and potential areas for further research.
What instills trust? A qualitative study of phishing
A paper on the factors that make phishing emails and web pages appear authentic and on the factors that make legitimate content appear dubious. Authors draw nine conclusions.
Improving security decisions with polymorphic and audited dialogs
Context-sensitive guidance (CSG) can help users make better security decisions. Applications with CSG ask the user to provide relevant context information. Based on such information, these applications then decide or suggest an appropriate course of action. However,...
Email end users and spam: Relations of gender and age group to attitudes and actions
As the problem of spam email increases, we examined users’ attitudes toward and experience with spam as a function of gender and age. College-age, working-age, and retirement-age men and women were surveyed. Most respondents strongly disliked receiving spam yet took...
Phishing IQ tests measure fear, not ability
We argue that phishing IQ tests fail to measure susceptibility to phishing attacks. We conducted a study where 40 subjects were asked to answer a selection of questions from existing phishing IQ tests in which we varied the portion (from 25% to 100%) of the questions...
Genre, narrative and the “Nigerian Letter” in electronic mail
This paper analyses 111 'Nigerian' emails, concluding typical emails draw on a predictable form, purpose and tone designed to appeal to greed, charity, heroism, and other powerful and compelling emotions, and thus trick victims.
Social psychological factors in lifestyle change and their relevance to policy
This article examines the social psychological theories and research that can be used to design better behaviour interventions. Although the paper focuses on health, the review could be applied in a wide variety of contexts – cyber security included.
Impeding ecological sustainability through selective moral disengagement
This paper discusses moral disengagement, with an emphasis on how moral disengagement impedes ecological sustainability. The author notes moral disengagement comes about through: exonerative comparisons that render detrimental practices as righteous; the use of...
Which factors explain employees’ adherence to information security policies? An empirical study
It is widely agreed that a key threat to information security is caused by careless employees who do not adhere to the information security policies of their organizations. In order to ensure that employees comply with the organization’s information security...
Deceit and deception: A large user study of phishing
This study is a large scale investigation of trust manipulation tactics used by phishing web sites and email messages. The experiment focuses on media authenticity evaluations, rather than content credibility with the assumption that its authors are known. It tests...
Investigating the concept of information security culture
The concept of an 'information security culture' is relatively new. A review of published research on the topic suggests that it is not the information security panacea that has been suggested. Instead it tends to refer to a range of existing techniques for addressing...
Factors influencing protection motivation and IS security policy compliance
The key threat to IS security is constituted by careless employees who do not comply with IS security policies. To ensure that employees comply with organizations' IS security procedures, a number of IS security policy compliance means have been proposed in the past....
Cultivating an organizational information security culture
This paper emphasizes that an information security solution is a crucial element for any organization. One of the main challenges in integrating information security into an organization is the actions and behaviors of employees. For information security to become...
Decision strategies and susceptibility to phishing
This study reports on what everyday users do when they come across suspicious emails. An analysis suggests people can manage risks they're familiar with but are unable to extrapolate their strategies to deal with unfamiliar risks.