User security awareness of social engineering and phishing
Karakasiliotis A, Furnell SM, Papadaki M
Advances in Network & Communication Engineering 4, ISBN: 978-1-84102-180-5, pp191-198, 2007
Social engineering is a significant problem involving technical and non-technical ploys to extract information from unsuspecting users. This paper presents an assessment of user resilience to such ploys in the form of email phishing attacks. Our experiment used an online web survey that included a mix of legitimate and illegitimate emails and asked users to differentiate between them. A total of 179 participants were involved, and the assessment shows that they correctly identified legitimate emails 50% of the time on average, whereas illegitimate emails were correctly identified 60% of the time on average. However, in many cases participants who correctly identified illegitimate emails could not justify their selection using criteria that demonstrate security awareness.

