Vulnerability of Students of Masaryk University to Two Different Types of Phishing

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14230%2F24%3A00138044" target="_blank" >RIV/00216224:14230/24:00138044 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.acigjournal.com/Vulnerability-of-Students-of-Masaryk-University-to-Two-Different-Types-of-Phishing,190268,0,2.html" target="_blank" >https://www.acigjournal.com/Vulnerability-of-Students-of-Masaryk-University-to-Two-Different-Types-of-Phishing,190268,0,2.html</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.60097/ACIG/190268" target="_blank" >10.60097/ACIG/190268</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Vulnerability of Students of Masaryk University to Two Different Types of Phishing

Popis výsledku v původním jazyce

According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape (ETL) report 2020, phishing is the most commonly used type of cyberattack. Phishing is the technique of delivering false communications that appear to be from a real and respectable source, typically via e-mail or text message. The attacker aims to steal money, obtain access to sensitive data, and login information, or install malware on the victim’s device. Data from the same report shows that during the COVID-19 pandemic, phishing attacks increased by 667% in one month. Simultaneously, warnings about expected waves of phishing e-mails at Masaryk University in Czechia were encountered more often. However, at the time this article was written, there was de facto no anti-phishing research dealing with the problem of phishing attacks on Czech universities. The present article focuses on unintentional human error on the side of students of Masaryk University. The main aim of this article is to uncover the profile of the user who is most prone to victimisation of phishing in the university setting. These results were achieved by performing two real-life phishing simulations. Data suggests that female students are more prone to crash for targeted e-mails. At the same time, all students are more susceptible to spear-phishing attacks than to the generic ones. Findings are explained by analysing the empirical results of the two real-life phishing attacks conducted.

Název v anglickém jazyce

Vulnerability of Students of Masaryk University to Two Different Types of Phishing

Popis výsledku anglicky

According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape (ETL) report 2020, phishing is the most commonly used type of cyberattack. Phishing is the technique of delivering false communications that appear to be from a real and respectable source, typically via e-mail or text message. The attacker aims to steal money, obtain access to sensitive data, and login information, or install malware on the victim’s device. Data from the same report shows that during the COVID-19 pandemic, phishing attacks increased by 667% in one month. Simultaneously, warnings about expected waves of phishing e-mails at Masaryk University in Czechia were encountered more often. However, at the time this article was written, there was de facto no anti-phishing research dealing with the problem of phishing attacks on Czech universities. The present article focuses on unintentional human error on the side of students of Masaryk University. The main aim of this article is to uncover the profile of the user who is most prone to victimisation of phishing in the university setting. These results were achieved by performing two real-life phishing simulations. Data suggests that female students are more prone to crash for targeted e-mails. At the same time, all students are more susceptible to spear-phishing attacks than to the generic ones. Findings are explained by analysing the empirical results of the two real-life phishing attacks conducted.

Druh

J_ost - Ostatní články v recenzovaných periodicích

CEP obor

—

OECD FORD obor

50601 - Political science

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Applied Cybersecurity & Internet Governance

ISSN

2956-3119

e-ISSN

2956-4395

Svazek periodika

3

Číslo periodika v rámci svazku

2

Stát vydavatele periodika

PL - Polská republika

Počet stran výsledku

18

Strana od-do

268-285

Kód UT WoS článku

—

EID výsledku v databázi Scopus

—