Phishing and Cybercrime Risks in a University Student Community

Roderic Broadhurst, Katie Skinner, Nick Sifniotis, Bryan Matamoros Macias, Yuguang Ipsen

    Research output: Contribution to journalArticle

    Abstract

    In an exploratory quasi-experimental observational study, 138 participants recruited during a university orientation week were exposed to social engineering directives in the form of fake email or phishing attacks over several months in 2017. These email attacks attempted to elicit personal information from participants or entice them into clicking links which may have been compromised in a real-world setting. The study aimed to determine the risks of cybercrime for students by observing their responses to social engineering and exploring attitudes to cybercrime risks before and after the phishing phase. Three types of scam emails were distributed that varied in the degree of individualization: generic, tailored, and targeted or ‘spear.’ To differentiate participants on the basis of cybercrime awareness, participants in a ‘Hunter’ condition were primed throughout the study to remain vigilant to all scams, while participants in a ‘Passive’ condition received no such instruction. The study explored the influence of scam type, cybercrime awareness, gender, IT competence, and perceived Internet safety on susceptibility to email scams. Contrary to the hypotheses, none of these factors were associated with scam susceptibility. Although, tailored and individually crafted email scams were more likely to induce engagement than generic scams. Analysis of all the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students. A Generalized Linear Model (GLM) analysis was undertaken to further explore the role of all the variables of interest and the results were consistent with the descriptive findings showing that student status (domestic compared to international) and year of study (first year student compared to students in second, third and later years of study) had a higher association to the risk of scam deception. Implications and future research directions are discussed.
    Original languageEnglish
    Pages (from-to)4-23pp
    JournalInternational Journal of Cybersecurity Intelligence and Cybercrime
    Volume2
    Issue number1
    DOIs
    Publication statusPublished - 2019

    Fingerprint Dive into the research topics of 'Phishing and Cybercrime Risks in a University Student Community'. Together they form a unique fingerprint.

    Cite this