2022 | OriginalPaper | Book chapter

Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links

Written by: Rufai Ahmad, Sotirios Terzis

Published in: Human Aspects of Information Security and Assurance

Publisher: Springer International Publishing

Abstract

In recent years, users of Mobile Instant Messaging (MIM) apps like WhatsApp and Telegram have been targeted by phishing attacks. While user susceptibility to phishing in other media is well studied, the literature currently lacks studies on phishing susceptibility in MIM apps. This paper presents a study that offers the first insights into the susceptibility of users of MIM apps to phishing by investigating their behaviour towards shared links. Using an online survey, we collected data from 111 users of MIM apps and found that participants frequently click and forward links during instant messaging, while factors such as the user’s relationship with the sender and the group context of the communication influence these behaviours. The results show that, in their behaviour towards shared links, most users try to reduce their risk of phishing by trusting their friends, family and colleagues to protect them. This raises some interesting questions for further research on the effectiveness and reliability of this strategy.

Metadata
Title
Understanding Phishing in Mobile Instant Messaging: A Study into User Behaviour Toward Shared Links
Authors
Rufai Ahmad
Sotirios Terzis
Copyright year
2022
DOI
https://doi.org/10.1007/978-3-031-12172-2_15
