PurposeThe purpose of this paper is to aim to educate the internet consumer, who may be a potential phishing victim, and to suggest a framework of anti‐phishing measures, following the staggering increase in the number of recent phishing attacks. Phishing describes a method of online identity theft, in which phishers typically pose as legitimate organisations when sending deceptive e‐mail messages to internet users. When they respond to such e‐mails, victims are lured to malicious web sites, where they are duped into disclosing their personal details. In this way, phishers are able to commit identity theft, with possibly devastating consequences for the victim.Design/methodology/approachAfter a literature review of the available sources, the phishing threat is investigated by analysing the modus operandi of phishers and the basic components of a typical phishing scheme. A possible solution for the phishing problem is examined.FindingsPhishers continually target the weakest link in the security chain, namely consumers, in their attacks. Educating the online consumer about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against e‐mail phishing attacks.Originality/valueThis article proposes measures that internet consumers can take to ward off phishing attacks, as well as remedial actions that they can take after falling victim to such an attack. By implementing these measures online, consumers can minimise the risk of becoming victims of successful phishing attacks, as well as remedy the negative effects of any past disclosure of information to phishers.
With the increasing dependence on IT in modern enterprises and the significant risks associated with omnipresent IT systems in business, IT governance is becoming imperative to all organisations. King III is based on the “apply or explain” approach, that forces South African entities for the first time to apply the IT governance principles as contained in the report, or explain the reasons for not applying these principles. This paper provides a macrolevel view of IT governance, derived from King III, and determined that it correlates strongly with the growing body of knowledge on IT governance. The paper investigates the responsibilities for IT governance within organisations and provides clear guidelines on the responsibilities of management roles, from the board to the operational level, involved in IT governance to ensure accountability.
Purpose Phishing attacks exploit social vulnerabilities and remain a global concern. Financial institutions often use their websites as part of their online awareness and education efforts. This paper aims to explore the effectiveness of phishing-related information made available by financial institutions to raise awareness and educate customers. Design/methodology/approach In this mixed methods research, a survey of online consumers was first performed and analysed. Second, the information available on the websites of major financial institutions was analysed. Using the construct of information quality (IQ), content analysis was performed to determine whether the phishing-related information meets the IQ criteria. Findings The survey confirmed that consumers are indeed targeted by phishers. It established that they turn to their financial institutions, more often than any other source, for anti-phishing information. When analysing the IQ of phishing-related information, significant deficiencies as well as different levels of performance between the financial institutions, emerged. In general, the worst performing IQ criteria was information being current and fit for purpose. Research limitations/implications As the research is conducted within South Africa, the results cannot be generalised. The ethical clearance did not allow for identification of the different financial institutions and thus comparing consumers’ perceptions with the observed IQ from the content analysis to determine correlation. Practical implications Protecting consumers against phishing attacks remains critical, and this paper confirms that users turn to their financial institutions for information. Yet, the phishing-related information made available on the websites of financial institutions has severe deficiencies. Practitioners should use IQ to determine the appropriateness of phishing-related information and focus on improving customer awareness and education. Originality/value Researchers often highlight the importance of awareness and education programmes in protecting consumers, but rarely investigate if consumers access publicly available information and express an opinion on the quality of this information. Although the results should not generalised, the recommendations, if necessary through similar analysis, has an impact beyond the geographical constraints of the study.
Purpose There is a need for behavioural research within the smartphone context to better understand users’ behaviour, as it is one of the reasons for the proliferation of mobile threats. This study aims to identify the human factors that affect smartphone users’ threat avoidance behaviour. Design/methodology/approach A structured literature review (SLR) was applied to answer the research question. A total of 27 sources were analysed, from which 16 codes emerged. After synthesis, six themes transpired. Findings Six factors were identified as drivers and/or challenges of smartphone users’ threat avoidance behaviour, namely, knowledge and awareness, misconceptions and trust, cost and benefit considerations, carelessness, perceived measure effectiveness and the user’s perceived skills and efficacy. Research limitations/implications The results can encourage and provide a starting point for further research on human behaviour to improve smartphone user behaviour. Practical implications The mobile industry should focus on eradicating common misconceptions and undue trust in mobile security that is prevalent among smartphone users and make cost effective and usable interventions available. Training and awareness programs should be updated to include the factors that were identified in this study to affect smartphone users’ threat avoidance behaviour. In addition to improving users’ declarative knowledge concerning available smartphone measures and tools, procedural knowledge should also be improved to ensure proper use of available protective measures. Users should realise the importance of staying updated with evolving smartphone technology and associated threats. Originality/value This study acknowledges and supports the notion that addressing human behaviour is crucial in the fight against mobile threats. It addresses the need for behavioural research to analyse the factors that drive smartphone user behaviour. Furthermore, it uses and documents the use of a SLR, a research technique often unfamiliar among information security researchers.
Background: The ability to identify and authenticate users is regarded as the foundation of computer security. Although new authentication technologies are evolving, passwords are the most common method used to control access in most computer systems. Research suggests that a large portion of computer security password breaches are the result of poor user security behaviour. The password creation and management practices that online consumers apply have a direct effect on the level of computer security and are often targeted in attacks. Objectives: The objective of this study was to investigate South African online consumers’ computer password security practices and to determine whether consumers’ perceptions regarding their password security ability is reflected in the password creation and management practices that they apply. Method: A Web-based survey was designed to (1) determine online consumers’ perceptions of their skills and competence in respect of computer password security and (2) determine the practices that South African online consumers apply when creating and managing passwords. The measures applied were then compared to (1) the users’ perceptions about their computer password security abilities and (2) the results of international studies to determine agreement and inconsistencies. Results: South African online consumers regard themselves as proficient password users. However, various instances of unsafe passwords practices were identified. The results of this South African study correspond with the results of various international studies confirming that challenges to ensure safe online transacting are in line with international challenges. Conclusion: There is a disparity between South African online consumers’ perceived ability regarding computer password security and the password creation and management practices that they apply.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.