A Study on The Effectiveness of Education and Fear Appeal to Prevent Spear Phishing of Online Users
Date
2024-05-24
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
University of Washington
Abstract
Spear phishing attack is considered one of the most elaborate attacks in social engineering. It presupposes that an attacker designs a scam to obtain the personal information of specific users from their social media accounts. It involves a preliminary analysis of targeted users and their online behaviors needed to persuade them that a malicious link or attachment is sent by a trusted person. This attack implies that human beings are the weakest link within a security system; their vulnerabilities could be exploited. The most detrimental consequences following spear phishing attacks are financial losses, network compromises, loss of login credentials, and malware installation.
This quantitative study used Protective motivated theory (PMT) to examine the impact of education and fear appeals on users’ knowledge and abilities to identify spear phishing attacks. Three interventions were implemented: an educational intervention, a fear appeal intervention, and a combined educational-fear appeal intervention. The control group was used for comparison purposes. This study was conducted as an online experiment that was managed via the Qualtrics platform. It has 726 participants, and they were assigned randomly into four groups; after interventions, there was a spear phishing test to evaluate their knowledge and abilities to identify spear phishing attacks. The spear phishing test was administered to compare the efficacy of every intervention group (education, fear appeal and combined education and fear appeal) to the control group. The experiment findings revealed no statistically significant differences in the mean test for these four groups. The PMT finding revealed that the high effect of threat vulnerability, self-efficacy, and the low effect of cost response can enhance the participant’s knowledge of spear phishing attacks. The study results indicate further research is needed to develop an effective intervention program that would considerably enhance users’ knowledge of spear phishing attacks and their resilience to them.
Description
Keywords
Spear phishing, Education, Fear Appeal, Security Systems, Protective Motivated Theory