Abstract

While antiphishing techniques have evolved over the years, phishing remains one of the most threatening attacks on current network security. This is because phishing exploits one of the weakest links in a network system: people. The purpose of this research is to predict the possible phishing victims. In this study, we propose the multidimensional phishing susceptibility prediction model (MPSPM) to implement the prediction of user phishing susceptibility. We constructed two types of emails: legitimate emails and phishing emails. We recruited 1105 volunteers to join our experiment. We sent these emails to the volunteers and collected data on their demographics, personality, knowledge experience, security behavior, and cognitive processes by means of a questionnaire. We then applied 7 supervised learning methods to classify these volunteers into two categories using multidimensional features: susceptible and nonsusceptible. The experimental results indicated that some machine learning methods have high accuracy in predicting user phishing susceptibility, with a maximum accuracy rate of 89.04%. We conclude our study with a discussion of our findings and their future implications.

Highlights

  • Phishing mainly uses social engineering and technical deception to obtain private user information. The most typical phishing attack lures the recipient to a phishing website that is carefully designed to closely resemble the target organization’s website and obtains sensitive personal information entered by the recipient [1]

  • Phishing activities peaked in October 2020, and 369254 phishing attacks occurred in January 2020 alone. The frequency of phishing attacks continues to grow, and the property securities of Internet users, businesses, and organizations remain at great risk

  • Studies report that Internet users perform poorly in distinguishing legitimate websites from phishing sites; users are unable to correctly identify phishing sites 40–80% of the time, and 70% of users are willing to transact with phishing sites [3]

Summary

Introduction

With the rapid development of the communication industry and Internet-related technologies, people are using the Internet more frequently, and online activities are increasing. While people enjoy the convenience brought by the Internet, phishing and other attacks are threatening their lives. The areas related to users’ property are the most affected by phishing attacks, which seriously affect the safety of people’s online transactions. Phishing attacks affect more than 40 million Internet users each year. According to an APWG (Antiphishing Working Group) report [2], 15208832 phishing websites and 103347 phishing emails were detected in 2020. The frequency of phishing attacks continues to grow, and the property securities of Internet users, businesses, and organizations remain at great risk. Studies report that Internet users perform poorly in distinguishing legitimate websites from phishing sites; users are unable to correctly identify phishing sites 40–80% of the time, and 70% of users are willing to transact with phishing sites [3]
