This dissertation addresses the problem of practice of the high rate of employees in financial organizations clicking on phishing links, positioning their companies at risk of a data incident or breach. The financial sector was the most breached industry in 2022 (Schwartz, 2022) and was impacted the most by malicious phishing emails (Trellix…

Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: (1) they store employees and students sensitive data; (2) they save confidential documents; and (3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of…

Prevalent security threats caused by human errors necessitate security education, training, and awareness (SETA) programs in organizations. Despite strong theoretical foundations in behavioral cybersecurity, field evidence on the effectiveness of SETA programs in mitigating actual threats is scarce. Since memory decay will inevitably occur after…

Cybersecurity is crucial at present because cyber threats (e.g., phishing) have become a very common occurrence in everyday life. A literature review showed that there are no studies based on cybersecurity awareness which involved a large number of Thai users. Thus, this research focused on the cybersecurity awareness of approximately 20,000…

A high number of cyber breaches in organizations occur as a result of email phishing attempts. Research has shown that cyber education has a positive impact in user awareness of attack methods resulting in the reduction of compromises from email phishing attempts. However, in some instances, cyber education does not have a positive impact on the…

As the digital world evolves, so does the risk of cyberattacks. Despite technology playing a vital role in nullifying these threats, the human factor is still regarded as one of the greatest weaknesses. End-user behavior is a major cause of information security breaches. This quantitative empirical study used a single-group, pre-post-test,…

Social engineering is a large problem in our modern technological world, but while conceptually understood, it is harder to teach compared to traditional pen testing techniques. This research details a class project where students implemented a phishing exercise against real-world targets. Through cooperation with an external corporate partner,…

Community colleges aren't quite as high on the list of hackers and scammers as institutions like banks, hospitals and four-year research universities, yet the institutional and personal data stored on their servers and in the online cloud can be valuable, so they need to lock down their data like any other entity. This requires a combination of…

Distracted users can fail to correctly distinguish the differences between legitimate and malicious emails or search engine results. Mobile phone users can have a more challenging time identifying malicious content due to the smaller screen size and the limited security features in mobile phone applications. Thus, the main goal of this research…

Email attacks comprise an overwhelming majority of the daily attacks on modern enterprise. "Phishing" is the leading attack vector for the world's most dangerous threats such as the so-called, Advanced Persistent Threat (APT), and hacktivist groups such as Anonymous and LulzSec. The leading mitigation strategy is a combination of user…

As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study…

The ethical development of information systems is but one of those sensitive scenarios associated with computer technology that has a tremendous impact on individuals and social life. The significance of these issues of concern cannot be overstated. However, since computer ethics is meant to be everybody's responsibility, the result can often be…

The Association Supporting Computer Users in Education (ASCUE) is a group of people interested in small college computing issues. It is a blend of people from all over the country who use computers in their teaching, academic support, and administrative support functions. ASCUE has a strong tradition of bringing its members together to pool their…