The Potential Factors Influencing Information Security Awareness on Phishing Attacks From Various Industries: A Systematic Literature Review (SLR)

  • Authors

    • Ayman Hasan Asfoor
    • Fiza Abdul Rahim
    https://doi.org/10.14419/ijet.v7i4.29.21837

    Received date: November 27, 2018

    Accepted date: November 27, 2018

    Published date: November 26, 2018

  • Information security, Phishing, Security awareness
  • Abstract

    Phishing is one of the techniques attackers use to obtain private information from Internet banking customers. This study systematically analyses published research exploring factors that influence information security awareness on phishing attacks. A total of 150 articles were used in our review; after a quality criterion was applied to this set, 20 articles were selected for further analysis, and eleven factors were identified as being either directly or indirectly related to awareness on phishing attacks. The factors are security concerns, user competence, computer literacy, self-efficacy, neuroticism, openness, response efficacy and years of PC usage. Moreover, studies have also identified the important role played by motivation. In this way, factors relating to awareness on phishing attacks can be grouped into three major groups: personality traits, motivation and individual differences. This review may be significant in providing useful information on how to understand users’ susceptibility and vulnerability to phishing scams online.

  • How to Cite

    Asfoor, A. H., & Rahim, F. A. (2018). The Potential Factors Influencing Information Security Awareness on Phishing Attacks From Various Industries: A Systematic Literature Review (SLR). International Journal of Engineering and Technology, 7(4.29), 25-30. https://doi.org/10.14419/ijet.v7i4.29.21837