Home > Research > Publications & Outputs > Understanding the human behavioural factors beh...

Electronic data

  • 2017shargawiphd

    Final published version, 4 MB, PDF document

    Available under license: CC BY-ND: Creative Commons Attribution-NoDerivatives 4.0 International License

Text available via DOI:

View graph of relations

Understanding the human behavioural factors behind online learners’ susceptibility to phishing attacks

Research output: ThesisDoctoral Thesis

Published
  • Ayman Shargawi
Close
Publication date2017
Number of pages244
QualificationPhD
Awarding Institution
Supervisors/Advisors
Publisher
  • Lancaster University
Original languageEnglish

Abstract

Phishing is an act of fraudulence to lure victims to respond to an illegitimate request for the sake of a financial or informational gain (Huang, Qian, and Wang, 2012). Phishing can jeopardize the security of online learning (e-Learning) systems. Phishing cannot be prevented by depending on technical controls alone (Proctor, Schultz and Vu, 2009). Effective Information Security Awareness is key to protecting against Phishing (Chen, Shaw and Yang, 2006). However, most information security awareness programs overlook human behavioural factors as a root cause of exploitation in Phishing (Proctor et al 2009, Anttila et al 2007).
This research aims to better understand the human behavioural factors behind online learners’ susceptibility to Phishing attacks (Luo et al, 2013). Thus, literature review was conducted to identify and analyse the human behavioural factors exploited in Phishing attacks with relation to the online learners’ awareness needs. A conceptual framework called ‘Security Awareness Model for Phishing’ (SAMFP) has been developed based on the integration of Endsley’s Situation Awareness model (Endsley, 2015), the awareness delivery guidelines by Chen, Shaw and Yang (2006) and Poepjes’ (2012) Information Security Awareness and Capability Model (ISACM). SAMFP aims to improve information security awareness for online learners. Hence, data was gathered from 100 participants, experienced in learning online, who completed 5 activities: a pre-awareness (1st) assessment test, participating in the 1st awareness session and group discussions, an assessment (2nd) test, participating in the 2nd awareness session and group discussions and finally a post-awareness (3rd) assessment test. Data was analysed quantitatively with 18 hypotheses to validate the effectiveness of the SAMFP model. Following a design based research approach, the researcher was heavily engaged in the design, development and testing of the SAMFP model which included development of training materials, tutoring and assessment of learning outcomes against the research questions and objectives.