Phishing and Cybercrime Risks in a University Student Community

21 Pages Posted: 26 Jun 2018 Last revised: 24 Mar 2019

See all articles by Roderic Broadhurst

Roderic Broadhurst

Australian National University (ANU); ANU Cybercrime Observatory

Katie Skinner

Australian National University (ANU) - Cybercrime Observatory; Australian National University (ANU), Students

Nick Sifniotis

(ANU) - Cybercrime Observatory; Australian National University (ANU), Students

Bryan Matamoros-Macias,

Australian National University (ANU), Students

Yuguang Ipsen

Australian National University (ANU), Research School of Finance, Actuarial Studies and Applied Statistics, Students

Date Written: May 9, 2018

Abstract

In an exploratory quasi-experimental observational study, 138 participants recruited during a university orientation week were exposed to social engineering directives in the form of fake email or phishing attacks over several months in 2017. These email attacks attempted to elicit personal information from participants, or entice them into clicking links which may have been compromised in a real-world setting. The study aimed to determine the risks of cybercrime for students by observing their responses to social engineering and exploring attitudes to cybercrime risks before and after the phishing phase. Three types of scam emails were distributed that varied the degree of individualization: generic, tailored and targeted or ‘spear’. To differentiate participants on the basis of cybercrime awareness, participants in a ‘Hunter’ condition were primed throughout the study to remain vigilant to all scams, while participants in a ‘Passive’ condition received no such instruction. The study explored the influence of scam type, cybercrime awareness, gender, IT competence, and perceived Internet safety on susceptibility to email scams. Contrary to the hypotheses, none of these factors were associated with scam susceptibility although tailored and individually crafted email scams were more likely to induce engagement than generic scams. Analysis of all the variables showed that international students and first year students were deceived by significantly more scams than domestic students and later year students. A Generalized Linear Model (GLM) analysis was undertaken to further explore the role of all the variables of interest and the results were consistent with the descriptive findings showing that student status (domestic compared to international) and year of study (first year student compared to students in second, third and later years of study) had a higher association to the risk of scam deception. Implications and future research directions are discussed.

Keywords: cybercrime, social engineering, phishing

Suggested Citation

Broadhurst, Roderic and Skinner, Katie and Sifniotis, Nick and Matamoros-Macias,, Bryan and Ipsen, Yuguang, Phishing and Cybercrime Risks in a University Student Community (May 9, 2018). Available at SSRN: https://ssrn.com/abstract=3176319 or http://dx.doi.org/10.2139/ssrn.3176319

Roderic Broadhurst (Contact Author)

Australian National University (ANU) ( email )

Canberra, Australian Capital Territory 2601
Australia

ANU Cybercrime Observatory ( email )

Canberra, Australian Capital Territory 0200
Australia

Katie Skinner

Australian National University (ANU) - Cybercrime Observatory ( email )

Acton, ACT 2601
Australia

Australian National University (ANU), Students ( email )

Canberra
Australia

Nick Sifniotis

(ANU) - Cybercrime Observatory ( email )

Acton, ACT 2601
Australia

Australian National University (ANU), Students ( email )

Canberra
Australia

Bryan Matamoros-Macias,

Australian National University (ANU), Students ( email )

Canberra
Australia

Yuguang Ipsen

Australian National University (ANU), Research School of Finance, Actuarial Studies and Applied Statistics, Students ( email )

Kingsley Street
Acton
Australia
6125 5871 (Phone)

Register to save articles to
your library

Register

Paper statistics

Downloads
22
Abstract Views
147
PlumX Metrics
!

Under construction: SSRN citations while be offline until July when we will launch a brand new and improved citations service, check here for more details.

For more information