nach oben

Erschienen in:

2023 | OriginalPaper | Buchkapitel

Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures

verfasst von : Rufai Ahmad, Sotirios Terzis, Karen Renaud

Erschienen in: HCI for Cybersecurity, Privacy and Trust

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Users of mobile instant messaging (MIM) applications (apps) are increasingly targeted by phishing attacks. MIM apps often lack technical countermeasures for protecting users from phishing. Thus, users need to take preventive measures against phishing threats. Measures include awareness of the threat and the adoption of phishing preventive behaviours. This study adds to the literature by exploring these measures. Using an online survey, we collected data from 111 users of MIM apps and examined their awareness of the phishing attacks targeting them and the preventive measures they take. Previous studies showed that smartphone users exhibit poor security behaviour, which was mostly not the case in our sample, as we have found moderate awareness of phishing and the adoption of preventive measures by the participants. The results also showed several correlations between the participants’ adoption of preventive measures and their phishing self-efficacy, knowledge, and concern about phishing. These findings may be useful in developing user awareness strategies for combating phishing in MIM apps.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Cybersecurity as Part of Mission Assurance

Nächstes Kapitel Look Before You Leap! Perceptions and Attitudes Towards Inferences in Wearable Fitness Trackers

Statista. Number of mobile phone messaging app users worldwide from 2018 to 2022 (2021). https://www.statista.com/statistics/483255/number-of-mobile-messaging-users-worldwide/. Accessed 13 Apr 2021

Cao, H., Chen, Z., Cheng, M., Zhao, S., Wang, T., Li, Y.: You recommend, I buy: how and why people engage in instant messaging based social commerce. Proc. ACM Hum.-Comput. Interact. 5(CSCW1), 1–25 (2021). https://doi.org/10.1145/3449141CrossRef

Ramamoorthi, L.S., Peko, G., Sundaram, D.: Information security attacks on mobile messaging applications: procedural and technological responses. In: 2020 International Conference on Computational Science and Computational Intelligence (CSCI), pp. 275–281 (2020). https://doi.org/10.1109/CSCI51800.2020.00053

Kaspersky. “Phishing in messenger apps – what’s new?” (2021). https://www.kaspersky.com/about/press-releases/2021_phishing-in-messenger-apps-whats-new. Accessed 04 Jan 2022

Stivala, G., Pellegrino, G.: Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms (2020)

Ahmad, R., Terzis, S.: Understanding phishing in mobile instant messaging: a study into user behaviour toward shared links. In: Clarke, N., Furnell, S. (eds.) HAISA 2022. IFIPAICT, vol. 658, pp. 197–206. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-12172-2_15CrossRef

Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., Uellenbeck, S., Wolf, C.: Mobile security catching up? Revealing the nuts and bolts of the security of mobile devices. In: 2011 IEEE Symposium on Security and Privacy, pp. 96–111 (2011). https://doi.org/10.1109/SP.2011.29

Parker, F., Ophoff, J., Van Belle, J.-P., Karia, R.: Security awareness and adoption of security controls by smartphone users. In: 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), pp. 99–104 (2015). https://doi.org/10.1109/InfoSec.2015.7435513

Kim, D., Shin, D., Shin, D., Kim, Y.-H.: Attack detection application with attack tree for mobile system using log analysis. Mob. Netw. Appl. 24(1), 184–192 (2019)CrossRef

10.

Khonji, M., Iraqi, Y., Jones, A.: Phishing detection: a literature survey. IEEE Commun. Surv. Tutor. 15(4), 2091–2121 (2013). https://doi.org/10.1109/SURV.2013.032213.00009CrossRef

11.

Netcraft. “Phishing protection, in your favourite browse” (2020). https://netcraft.app/browser/. Accessed 15 Mar 2020

12.

Rao, R.S., Vaishnavi, T., Pais, A.R.: CatchPhish: detection of phishing websites by inspecting URLs. J. Ambient. Intell. Humaniz. Comput. 11(2), 813–825 (2019). https://doi.org/10.1007/s12652-019-01311-4CrossRef

13.

Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching johnny not to fall for phish. ACM Trans. Internet Technol. (2010). https://doi.org/10.1145/1754393.1754396

14.

Kumaraguru, P.: PhishGuru: A System for Educating Users about Semantic Attacks. Carnegie Mellon University (2009)

15.

Cain, A.A., Edwards, M.E., Still, J.D.: An exploratory study of cyber hygiene behaviors and knowledge. J. Inf. Secur. Appl. Appl. 42, 36–45 (2018). https://doi.org/10.1016/j.jisa.2018.08.002CrossRef

16.

Shah, P., Agarwal, A.: Cybersecurity behaviour of smartphone users in India: an empirical analysis. Inf. Comput. Secur. 28(2), 293–318 (2020). https://doi.org/10.1108/ICS-04-2019-0041CrossRef

17.

McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M.: Individual differences and information security awareness. Comput. Hum. Behav. 69, 151–156 (2017). https://doi.org/10.1016/j.chb.2016.11.065CrossRef

18.

Whitty, M., Doodson, J., Creese, S., Hodges, D.: Individual differences in cyber security behaviors: an examination of who is sharing passwords. Cyberpsychol. Behav. Soc. Netw. 18(1), 3–7 (2015). https://doi.org/10.1089/cyber.2014.0179CrossRef

19.

Merdenyan, B., Petrie, H.: Generational differences in password management behaviour. In: Proceedings of the 32nd International BCS Human Computer Interaction Conference 32, pp. 1–10 (2018)

20.

Verkijika, S.F.: Understanding smartphone security behaviors: an extension of the protection motivation theory with anticipated regret. Comput. Secur. 77, 860–870 (2018). https://doi.org/10.1016/j.cose.2018.03.008CrossRef

21.

Arachchilage, N.A.G., Love, S.: Security awareness of computer users: a phishing threat avoidance perspective. Comput. Hum. Behav. 38, 304–312 (2014)CrossRef

22.

Verkijika, S.F.: ‘If you know what to do, will you take action to avoid mobile phishing attacks’: self-efficacy, anticipated regret, and gender. Comput. Hum. Behav. 101, 286–296 (2019). https://doi.org/10.1016/j.chb.2019.07.034CrossRef

23.

Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015). https://doi.org/10.1016/j.cose.2015.05.012CrossRef

24.

Torten, R., Reaiche, C., Boyle, S.: The impact of security awarness on information technology professionals’ behavior. Comput. Secur. 79, 68–79 (2018). https://doi.org/10.1016/j.cose.2018.08.007CrossRef

25.

Reeder, R.W., Ion, I., Consolvo, S.: 152 simple steps to stay safe online: Security advice for non-tech-savvy users. IEEE Secur. Priv. 15(5), 55–64 (2017). https://doi.org/10.1109/MSP.2017.3681050CrossRef

26.

Indiana University. “Phishing Education & Training” (2022). https://phishing.iu.edu/tips-and-strategies/index.html

27.

Dassanayake, D.: WhatsApp users warned not to trust fake Amazon anniversary free gift message (2021). https://www.express.co.uk/life-style/science-technology/1415675/WhatsApp-message-warning-Amazon-free-gift-scam. Accessed 15 Sept 2022

28.

Li, L., He, W., Xu, L., Ivan, A., Anwar, M., Yuan, X.: Does explicit information security policy affect employees’ cyber security behavior? A pilot study. In: 2014 Enterprise Systems Conference, pp. 169–173 (2014). https://doi.org/10.1109/ES.2014.66

29.

Liang, H., Xue, Y.L.: Understanding security behaviors in personal computer usage: a threat avoidance perspective. J. Assoc. Inf. Syst. 11(7), 1 (2010). https://doi.org/10.17705/1jais.00232CrossRef

30.

Rashidi, Y., Vaniea, K., Camp, L.J.: Understanding Saudis’ privacy concerns when using WhatsApp. In: Proceedings of the Workshop on Usable Security (USEC 2016), pp. 1–8 (2016)

31.

Jamieson, S.: Likert scales: how to (ab) use them? Med. Educ. 38(12), 1217–1218 (2004)CrossRef

32.

Norman, G.: Likert scales, levels of measurement and the ‘laws’ of statistics. Adv. Heal. Sci. Educ. 15(5), 625–632 (2010)CrossRef

33.

Boone, H.N., Boone, D.A.: Analyzing likert data. J. Ext. 50(2), 1–5 (2012)

34.

Albakry, S., Vaniea, K., Wolters, M.K.: What is this URL’s destination? Empirical evaluation of users’ URL reading. In: Proceedings of the Conference on Human Factors in Computing Systems, pp. 1–12 (2020) https://doi.org/10.1145/3313831.3376168

35.

Cronbach, L.J.: Coefficient alpha and the internal structure of tests. Psychometrika 16(3), 297–334 (1951)CrossRefMATH

36.

Pallant, J.: SPSS Survival Manual: A Step by Step Guide to Data Analysis Using SPSS for Windows, 3rd edn. McGraw Hill Open University Press, New York (2007)

37.

Aldaraani, N., Petrie, H., Shahandashti, S.F.: Online security attack experience and worries of young adults in the United Kingdom. In: Clarke, N., Furnell, S. (eds.) HAISA 2022, pp. 300–309. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-12172-2_24CrossRef

Titel: Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures
verfasst von: Rufai Ahmad
Sotirios Terzis
Karen Renaud
Verlag: Springer Nature Switzerland
Buch: HCI for Cybersecurity, Privacy and Trust
Print ISBN: 978-3-031-35821-0

Electronic ISBN: 978-3-031-35822-7

Copyright-Jahr: 2023
DOI: https://doi.org/10.1007/978-3-031-35822-7_26

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence_ieS/© Springer Fachmedien Wiesbaden GmbH, Search Icon, Banner Hanser, Bunte Männchen, die Kunden darstelle, werden von einem riesigen Magneten angezogen. /© Oleksiy Mark, Dr. Daniel Schneider/© Fraunhofer IESE, Interview Level Ten PPA Bild/© LevelTen, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.