Assessing end-user awareness of social engineering and phishing

Authors

A Karakasiliotis,, University of Plymouth
S M. Furnell, University of Plymouth
M Papadaki, University of Plymouth

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Comments

7th Australian Information Warfare and Security Conference, Edith Cowan University, Perth Western Australia, 4th - 5th December, 2006.

Abstract

Social engineering is a significant problem involving technical and nontechnical ploys in order to acquire information from unsuspecting users. This paper presents an assessment of user awareness of such methods in the form of email phishing attacks. Our experiment used a webbased survey, which presented a mix of 20 legitimate and illegitimate emails, and asked participants to classify them and explain the rationale for their decisions. This assessment shows that the 179 participants were 36% successful in identifying legitimate emails, versus 45% successful in spotting illegitimate ones. Additionally, in many cases, the participants who identified illegitimate emails correctly could not provide convincing reasons for their selections.

DOI

10.4225/75/57a80e47aa0cb