School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Social engineering is a significant problem involving technical and nontechnical ploys in order to acquire information from unsuspecting users. This paper presents an assessment of user awareness of such methods in the form of email phishing attacks. Our experiment used a webbased survey, which presented a mix of 20 legitimate and illegitimate emails, and asked participants to classify them and explain the rationale for their decisions. This assessment shows that the 179 participants were 36% successful in identifying legitimate emails, versus 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.