Phishing: A Field Experiment
Danuvasin Charoen
Pages - 277 - 286 | Revised - 01-05-2011 | Published - 31-05-2011
Volume - 5 | Issue - 2 | Publication Date - May / June 2011
KEYWORDS
Phishing, Data Security, Computer Crime, Internet Security
ABSTRACT
Phishing is a method that hackers use to fraudulently acquire sensitive or private information from a victim by impersonating a real entity (Turban, Leidner, McLean, & Wetherbe, 2010). Phishing can be defined as the act of soliciting or stealing sensitive information such as usernames, passwords, bank account numbers, credit card numbers, and social security or citizen ID numbers from individuals using the Internet (Ohaya, 2006). Phishing often involves some kind of deception. The results of a study by Jagatic et al. (2007) indicate that Internet users are four times more likely to become phishing victims if they receive a request from someone appearing to be a known friend or colleague. The Anti-Phishing Working Group indicates that at least five percent of users responded to phishing scams and about two million users gave away their information to spoofed websites (APWG, 2009). This results in direct losses of $1.2 billion for banks and credit card companies (Dhamija, 2006). In order to understand how phishing can be conducted, the researcher set up a phishing experiment in one of Thailand’s higher education institutions. The subjects were MBA students. A phishing email was sent to the subjects, and the message led the subjects to visit the phishing website. One hundred seventy students became victims. The data collection included a survey, an interview, and a focus group. The results indicated that phishing could be easily conducted, and that the result can have a great impact on the security of an organization. Organizations can use and apply the lessons learned from this study to formulate an effective security policy and security awareness training programs.
CITED BY (1)  
1 Chuchuen, C., & Chanvarasuth, P. (2015). Relationship between Phishing Techniques and User Personality Model of Bangkok Internet Users.
REFERENCES
APWG. (2009). Phishing Activity Trends Report: www.antiphishing.org. Available: http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf [December 21, 2010].
APWG. (2010a). Global Phishing Survey: Trends and Domain Name Use in 1H2010. Available: http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2010.pdf [December 25, 2010].
APWG. (2010b). Phishing Activity Trends Report: APWG. Available: http://www.antiphishing.org/reports/apwg_report_Q1_2010.pdf [December 25, 2010].
Jagatic, T. N., et al. (2007). Social Phishing. Communications of the ACM, 50(10).
Office, N. S. (2008). E-Commerce Report. Bangkok, Thailand: National Statistical Office. Available: http://service.nso.go.th/nso/nsopublish/pocketBook/electThaiRep_52.pdf [November 7, 2010].
Ohaya, C. (2006). Managing Phishing Threats in an Organization. In InfoSecCD. Kennesaw, GA: ACM.
ThaiCERT. (2007). Year 2007 ThaiCERT's handled Incident Response Summary (N. Sanglerdinlapachai, Ed.). Thai Computer Emergency Response Team.
Turban, E., et al. (2008). Information Technology for Management: Transforming Organizations in the Digital Economy (6th ed.). Wiley.
Turban, E., et al. (2010). Information Technology for Management: Transforming Organizations in the Digital Economy (7th ed.). Wiley.
Dr. Danuvasin Charoen
NIDA Business School - Thailand
danuvasin@gmail.com