This dissertation addresses the problem of practice of the high rate of employees in financial organizations clicking on phishing links, positioning their companies at risk of a data incident or breach. The financial sector was the most breached industry in 2022 (Schwartz, 2022) and was impacted the most by malicious phishing emails (Trellix…

This article is the second of a two-part series on best practices in receiving digital documents. Part I focused on national databases, third-party digital repositories, institutional websites, and certified documents. Part II looks at a problematic and prevalent of digital records options: email attachments. It discusses the security of email and…

Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: (1) they store employees and students sensitive data; (2) they save confidential documents; and (3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of…

Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Since memory decay will inevitably occur after…

Phishing research presents conflicting findings regarding the psychological predictors of phishing susceptibility. The present work aimed to resolve these discrepancies by utilizing a diverse online sample and email set. Participants completed a survey that included an email classification task and measured several individual differences,…

Every electronic message poses some threat of being a phishing attack. If recipients underestimate that threat, they expose themselves, and those connected to them, to identity theft, ransom, malware, or worse. If recipients overestimate that threat, then they incur needless costs, perhaps reducing their willingness and ability to respond over…

Cybersecurity is crucial at present because cyber threats (e.g., phishing) have become a very common occurrence in everyday life. A literature review showed that there are no studies based on cybersecurity awareness which involved a large number of Thai users. Thus, this research focused on the cybersecurity awareness of approximately 20,000…

A high number of cyber breaches in organizations occur as a result of email phishing attempts. Research has shown that cyber education has a positive impact in user awareness of attack methods resulting in the reduction of compromises from email phishing attempts. However, in some instances, cyber education does not have a positive impact on the…

As the digital world evolves, so does the risk of cyberattacks. Despite technology playing a vital role in nullifying these threats, the human factor is still regarded as one of the greatest weaknesses. End-user behavior is a major cause of information security breaches. This quantitative empirical study used a single-group, pre-post-test,…

Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner,…

Community colleges aren't quite as high on the list of hackers and scammers as institutions like banks, hospitals and four-year research universities, yet the institutional and personal data stored on their servers and in the online cloud can be valuable, so they need to lock down their data like any other entity. This requires a combination of…

Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research…

Email attacks comprise an overwhelming majority of the daily attacks on modern enterprise. "Phishing" is the leading attack vector for the world's most dangerous threats such as the so-called, Advanced Persistent Threat (APT), and hacktivist groups such as Anonymous and LulzSec. The leading mitigation strategy is a combination of user…

Technology is playing an increasingly significant role in people's lives. They use it for work, education, business and social activities; however, their use of different kinds of information communication technologies (ICTs) puts their personal information at risk. It is essential for everyone using ICTs to be aware of the potential information…

The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning…