Spear phishing in organisations explained-Reference-Cited by-同舟云学术

Spear phishing in organisations explained

Published:2017-11-13 Issue:5 Volume:25 Page:593-613
ISSN:2056-4961
Container-title:Information & Computer Security
language:en
Short-container-title:ICS

Author:

Bullee Jan-Willem,Montoya Lorena,Junger Marianne,Hartel Pieter

Abstract

Purpose The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient. Design/methodology/approach Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails. Findings Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient’s years of service within the organisation is taken into account. Practical implications This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect. Originality/value The innovative aspect relates to explaining spear phishing using four socio-demographic variables.

Publisher

Emerald

Subject

Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems

Reference72 articles.

1. Phishing IQ tests measure fear, not ability;Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 4886 LNCS,2007

2. Susceptibility of practical phishing attacks in academic fields,2015

3. Risk aversion and physical prowess: prediction, choice and Bias;Journal of Risk and Uncertainty,2010

4. Preference parameters and behavioral heterogeneity: an experimental approach in the health and retirement study;The Quarterly Journal of Economics,1997

5. Belmont Report (1979), The Belmont Report: Ethical Principles and Guidelines for the Protection of Human Subjects of Research, The Commission.

Cited by 37 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Do Personality Traits Really Impact Susceptibility to Persuasion in Social Engineering? A Study Among UK and Arab Samples;2024-09-02

2. Can serious gaming tactics bolster spear-phishing and phishing resilience? : Securing the human hacking in Information Security;Information and Software Technology;2024-06

3. Internet-Based Social Engineering Psychology, Attacks, and Defenses: A Survey;Proceedings of the IEEE;2024-03

4. Cognition in Social Engineering Empirical Research: A Systematic Literature Review;ACM Transactions on Computer-Human Interaction;2024-01-29

5. Who will take the bait? Using an embedded, experimental study to chart organization-specific phishing risk profiles and the effect of a voluntary microlearning among employees of a Dutch municipality;Journal of Cybersecurity;2024