Abstract
Purpose
Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literature and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.
Design/methodology/approach
This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.
Findings
The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain, and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.
Originality/value
Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also, there is a need to find out the factors which influence internet users' ability to correctly identify phishing websites.
Cassandra Cross and Rosalie Gillett
Abstract
Purpose
This paper aims to explore current knowledge of business email compromise (BEC) fraud, or approaches that specifically target organisations for financial gain, through the exploitation of trusted relationships. BEC fraud affects organisations globally and is estimated to have netted offenders over US$26bn since 2016. Despite the sheer magnitude of these losses, there is a dearth of academic research seeking to better understand this crime type, and prevent it from occurring.
Design/methodology/approach
This review summarises the known literature on BEC fraud. It uses a variety of academic and industry sources to ascertain the current state of knowledge, including how it is perpetrated, its impact (on businesses and individuals), how law enforcement have responded and its prevention.
Findings
This review highlights many gaps in knowledge surrounding BEC fraud. There has been a large focus on the technical aspects of BEC fraud, to the detriment of the human elements. Often, BEC fraud is successful through targeted and effective use of social engineering techniques and is able to overcome any technical solutions through the manipulation of personal relationships. Further, while the financial impacts of BEC fraud are obvious, there is no known research which has explored the non-financial harms of BEC fraud (across organisational and individual perspectives). With companies starting to (unsuccessfully) take legal action against those who have responded, there is a clear need to understand how organisations can better respond to incidents when they occur. Finally, there are gaps in knowledge on what is the best combination of both technical and human measures to prevent BEC fraud.
Research limitations/implications
This review is based on information presently available, and as indicated, there are significant gaps in what is currently known.
Practical implications
This review highlights the need to undertake research into the current gaps, with a view to improving best practice knowledge on prevention and response.
Social implications
Currently unknown, BEC fraud is posited to have significant impacts at both personal and collective levels. Increased knowledge of these non-financial impacts will improve how organisations respond to BEC fraud and how employees can be supported before and after an incident occurs.
Originality/value
Despite the magnitude of the problem, there is limited academic scholarship on BEC fraud. This literature review offers a summary of current knowledge and advocates a strong research agenda moving forward.
S.E. Kruck, Faye Teer and William A. Christian
Abstract
Purpose
The purpose of this paper is to describe a new software tool that graphically depicts analysis of visitor traffic. This new tool is the graph‐based server log analysis program (GSLAP).
Design/methodology/approach
Discovering hidden and meaningful information about web users' patterns of usage is critical to optimization of the web server. The authors designed and developed GSLAP. Presented in this paper is an example of GSLAP in the context of an analysis of the web site of a small fictitious company. Also included is an explanation of current literature that supports graphical display of data as a cognitive aid to understanding data.
Findings
GSLAP is shown to provide a visual server log analysis that is a great improvement on the textual server log.
Research limitations/implications
The benefits of the output from GSLAP are compared with the typical textual output.
Originality/value
The paper describes a software tool that helps the analysis of usage patterns of web traffic.
S.E. Kruck, Danny Gottovi, Farideh Moghadami, Ralph Broom and Karen A. Forcht
Abstract
The rapid advance of technology has permitted the creation of vast amounts of information, both on and off the Internet. The public is only just beginning to realize how this information, especially personal information, may be used in ways that may not be acceptable. Laws across different countries are often conflicting, making it difficult to control how personal information is being used and how individual privacy is being violated. The solution to this problem lies somewhere between government, industry, and the individual. This paper discusses the current state of personal privacy in each of these three areas.
Swapan Purkait, Sadhan Kumar De and Damodar Suar
Abstract
Purpose
The aim of this study is to report on the results of an empirical investigation of the various factors which have significant impacts on the Internet user’s ability to correctly identify a phishing website.
Design/methodology/approach
The research participants were Internet users who have had at least some experience of financial transactions over the Internet. This study conducted quantitative research with the help of a structured survey questionnaire along with three experimental tasks. A total of 621 valid samples were collected and the multiple regression analysis technique was used to deduce the answers to the research question.
Findings
The results show that the model is useful and has explanatory power. The adjusted R² was computed as 0.927, which means that 92.7 per cent of the variation in the Internet user’s ability to identify a phishing website can be explained by the predictors selected for the model.
Research limitations/implications
Future research should account for the Internet user’s general security practices and behaviour, attitude towards online financial activity, risk-taking ability or risk behaviour and their potential effects on Internet users' ability to identify a phishing website.
Practical implications
The implications of this study provide the foundation for future research on the areas that intend to explain the Internet user’s necessity to take protection or avoid risky behaviour while performing financial transactions over the Internet.
Originality/value
This study provides the body of knowledge with an empirical analysis of the impact of various factors on an Internet user’s ability to identify phishing websites. The results of this study can help practitioners create a more successful research model and help researchers better understand user behaviour on the Internet.
Luka Tomat, Peter Trkman and Anton Manfreda
Abstract
Purpose
The importance of information systems (IS) professions is increasing. As personality–job fit theory claims, employees must have suitable personality traits for particular IS professions. However, candidates can try to fake-good on personality tests towards the desired personality type. Thus, the purpose of this study is to identify archetypal IS professions, their associated personality types and examine the reliability of the Myers–Briggs Type Indicator (MBTI) personality test in IS recruitment decisions.
Design/methodology/approach
The authors reviewed academic literature related to IS professions to identify job archetypes and personality traits for IS professions. Then, the authors conducted an experiment with 452 participants to investigate whether candidates can fake-good on personality tests when being tested for a particular IS profession.
Findings
The identified job archetypes were IS project manager, IS marketing specialist, IS consultant, IS security specialist, data scientist and business process analyst. The experimental results show that the participants were not able to fake-good considerably regarding their personality traits for a particular archetype.
Research limitations/implications
The taxonomy of IS professions should be validated further. The experiment was executed in an educational organisation and not in a real-life environment. Actual work performance was not measured.
Practical implications
This study enables a better identification of suitable candidates for a particular IS profession. Personality tests are good indicators of the candidate's true personality type but must be properly interpreted.
Originality/value
This study enhances the existing body of knowledge on IS professions' archetypes, proposes suitable MBTI personality types for each profession and provides experimental support for the appropriateness of using personality tests to identify potentially suitable candidates.
Satoshi Sugahara and Steven Dellaportas
Abstract
Purpose
The purpose of this study is to investigate the effect of an accounting education pedagogy incorporating active learning approaches designed to engage first-year undergraduate business students and to inspire them to continue accounting as their academic major and entry into the accounting profession.
Design/methodology/approach
Data were collected from a questionnaire with a pre-/post-test design of 24 undergraduate business students enrolled in a course titled Accounting Active Learning Seminar (AALS) (test group) and 33 students who did not participate in the AALS (control group). The AALS incorporates various types of active learning methods designed by the authors to inspire students to continue with accounting as a career choice.
Findings
The findings show that participation in the AALS improved students’ motivation in accounting education and the likelihood of choosing accounting as their academic major. The active learning methods implemented in the AALS were effective in improving students’ confidence, the degree of which contributed to students’ stronger work aspirations towards accounting professions. Further, it was found that students who did not participate in the AALS tended to have lower attention dimensions of motivation, which was also significantly associated with a lower percentage of students’ choice of academic major in accounting.
Originality/value
This is one of the few studies to empirically examine active learning on student engagement and performance with a focus on accounting. While the evidence shows that active learning has pedagogical benefits, the full potential of active learning is more likely to be realized when accounting educators design active learning carefully to address the “attention” and “confidence” attributes.
Abstract
Purpose
The purpose of this paper is to add a layer of understanding to a previous survey of information technology (IT) security concerns and issues in global financial services institutions (GFSI).
Design/methodology/approach
This paper uses data obtained from a secondary source. The dimensions of national culture used in this paper come from Hofstede's work. Two analyses are performed on the data. First, a non‐parametric test is conducted to determine whether there are significant differences on the 13 IT security concerns when the dimensions of national culture are used to group responses. Second, a correlation analysis is carried out between the study's variables.
Findings
First, the results indicate that the dimensions of national culture are not statistically important in differentiating responses and perceptions of IT security concerns across GFSI. Second, some of the dimensions of national culture are found to have significant correlations with a few of the IT security concerns investigated.
Research limitations/implications
The use of a secondary data source introduces some limitations. The views captured in the survey are those of the management team; it is likely that end‐users' perceptions may vary considerably. Nonetheless, the main finding of the paper for corporate managers in the financial services industry is that IT security concerns appear to be uniform across cultures. Further, the data show that the dimension of uncertainty avoidance deserves further attention with regard to the assessment of security concerns in GFSI. This information may be useful for decision making and planning purposes in the financial services industry.
Originality/value
This paper is believed to be among the first to examine the impacts of national culture on IT security concerns in GFSI. The paper's conclusions may offer useful insights to corporate managers in the industry.
Luis V. Casaló, Carlos Flavián and Miguel Guinalíu
Abstract
Purpose
The purpose of this research is to analyse the influence of perceived web site security and privacy, usability and reputation on consumer trust in the context of online banking. Moreover, the paper also aims to analyse the trust‐commitment relationship since commitment is a key variable for establishing successful long‐term relationships with customers.
Design/methodology/approach
The paper describes the positive effects of security and privacy, usability and reputation on consumer trust in a web site in the online banking context. Besides this, it also suggests that trust has a positive effect on consumer commitment. After the validation of measurement scales, the hypotheses are contrasted through structural modelling. Finally, the paper compares the hypothesised model with a rival one in order to test the mediating role of trust.
Findings
The data showed that web site security and privacy, usability and reputation have a direct and significant effect on consumer trust in a financial services web site. Besides this, consumer trust is positively related to relationship commitment. Finally, it is observed that trust is a key mediating factor in the development of relationship commitment in the online banking context.
Research implications/limitations
The high costs every company has to face in order to attract new customers make it increasingly necessary to reinforce the ties established with customers. In this respect, this research offers several alternatives for improving the levels of consumer trust and commitment in the context of online banking. The limitation is that data were collected through a web survey of Spanish‐speaking subjects only.
Originality/value
This study proposes a model for analysing empirically the link between security, privacy and trust, amongst others, in the online banking context.
Amy Wax, Raquel Asencio, Jeffrey R. Bentley and Catherine Warren
Abstract
Purpose
This study aims to explore psychological safety as a potential moderating mechanism for the relation between functional diversity and individual perceptions of learning, and functional diversity and team performance in self-assembled teams.
Design/methodology/approach
To test these relationships, the authors conducted a cross-level, time-lagged, quasi-experiment, using a sample of 143 self-assembled teams. In one condition, participants formed into functionally diverse teams, and in another condition, participants formed functionally homogeneous teams.
Findings
Results suggest that functional diversity and psychological safety have an interactive effect on both individual learning and self-assembled team performance, albeit in different directions. Specifically, low psychological safety was more deleterious for individuals on functionally diverse teams than functionally homogeneous teams when it came to perceptions of learning, but the opposite was true when it came to team performance.
Originality/value
The results of this study indicate that it is critical to train team members on developing psychological safety, both in traditional and functionally diverse contexts.