The Potential Factors Influencing Information Security Awareness on Phishing Attacks From Various Industries: A Systematic Literature Review (SLR)

  • Authors

    • Ayman Hasan Asfoor
    • Fiza Abdul Rahim
    2018-11-26
    https://doi.org/10.14419/ijet.v7i4.29.21837
  • Information security, Phishing, Security awareness
  • Phishing is one of the techniques attackers use to obtain private information from Internet banking customers. This study systematically analyses published research exploring the factors that influence information security awareness of phishing attacks. A total of 150 articles were used in our review; after a quality criterion was applied to this set, a total of 20 articles were selected for further analysis, and eleven factors were identified as being either directly or indirectly related to awareness of phishing attacks. The factors are security concerns, user competence, computer literacy, self-efficacy, neuroticism, openness, response efficacy and years of PC usage. Moreover, studies have also identified the important role played by motivation. In this way, one could group the factors relating to awareness of phishing attacks into three major groups: personality traits, motivation and individual differences. This review may be significant in providing useful information on how to understand users’ susceptibility and vulnerability to phishing scams online.

  • How to Cite

    Asfoor, A. H., & Rahim, F. A. (2018). The Potential Factors Influencing Information Security Awareness on Phishing Attacks From Various Industries: A Systematic Literature Review (SLR). International Journal of Engineering & Technology, 7(4.29), 25-30. https://doi.org/10.14419/ijet.v7i4.29.21837