Evaluating User Vulnerabilities Vs Phisher Skills In Spear Phishing

Document Type

Article

Source of Publication

Iadis-International Journal On Computer Science And Information Systems

Publication Date

12-17-2018

Abstract

Spear phishing emails pose great danger to employees of organizations due to the inherent weakness of the employees in identifying the threat from spear phishing cues, as well as the spear phisher's skill in crafting contextually convincing emails. This raises the main question of which construct (user vulnerabilities or phisher skills) has a greater influence on the vulnerable user. Researchers have provided enough evidence of user vulnerabilities, namely the desire for monetary gain, curiosity of the computer user, carelessness on the part of the user, the trust placed in the purported sender by the user, and a lack of awareness on the part of the computer user. However, there is a lack of research on the magnitude of each of these factors in influencing an unsuspecting user to fall for a phishing or spear phishing attack which we explored in this paper. While user vulnerabilities pose major risk, the effect of the spear phisher's ability in skillfully crafting convincing emails (using fear appeals, urgency of action, and email contextualization) to trap even skillful IT security personnel is an area that needs to be explored. Therefore, we explored the relationships between the two major constructs namely 'user vulnerabilities' and 'email contextualization', through the theory of planned behavior with the objective to find out the major factors that lead to computer users biting the phishers' bait. In this theoretical version of the paper, we provided the resulting two constructs that needed to be tested.

ISSN

1646-3692

Publisher

IADIS - International Association for the Development of the Information Society

Volume

13

Issue

2

First Page

93

Last Page

108

Disciplines

Computer Sciences

Keywords

Spear phishing, User Vulnerabilities, Email Contextualization

Indexed in Scopus

no

Open Access

yes

Open Access Type

Bronze: This publication is openly available on the publisher’s website but without an open license

Link to Full Text

Share

COinS