Planned maintenance
A system upgrade is planned for 10/12-2024, at 12:00-13:00. During this time DiVA will be unavailable.
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Phishing: A qualitative study of users' e-mail classification process, and how it is influenced by the subjective knowledge
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2022 (English)Independent thesis Basic level (degree of Bachelor), 12 credits / 18 HE creditsStudent thesis
Abstract [en]

Background. E-mail phishing is a type of social engineering where the threat actor sends e-mails with the intention to, for example, gain sensitive information or gain access to sensitive assets. Anyone can be a target of a phishing attempt, and any user that uses a digital environment should be aware of which factors to be attentive to in an e-mail.

Objectives. This thesis intends to study the practical ability to identify phishing e-mails among users and what factors they are looking for when performing the classification. The intention is also to investigate if subjective knowledge impacts practical ability.

Methods. A user study was conducted where the participants were to classify e-mails from an inbox as either phishing or legitimate. During the observation, the participants thought-out-loud for the authors of this thesis to hear their approach and which factors they noticed. A questionnaire also was conducted to capture the participants' knowledge, previous experience, and confidence in their classifications.

Results. The results show that the majority of the participants did not know what factors to look after, nor how to inspect them, to make a justified classification of an e-mail. Most participants made the classifications based on their gut feelings. Those participants who had any theoretical knowledge showed more confidence and identified more phishing attempts.

Conclusions. This thesis concluded that the participants lacked the required knowledge to identify phishing attempts. Further, it concludes that subjective knowledge leads to high confidence, which helps users make the correct classification. Therefore, this topic needs to be further enlightened to bring more awareness, and education needs to be conducted.

Place, publisher, year, edition, pages
2022. , p. 45
Keywords [en]
phishing, social engineering, security awareness, user study, data security
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-23376OAI: oai:DiVA.org:bth-23376DiVA, id: diva2:1678314
External cooperation
Truesec
Subject / course
DV1583 Degree Project for Bachelor of Science in Engineering Computer Science
Educational program
Bachelor of Science in Engineering: Computer Security
Presentation
2022-05-31, J1640, Valhallavägen 1, Karlskrona, 10:15 (English)
Supervisors
Examiners
Available from: 2022-06-29 Created: 2022-06-29 Last updated: 2022-06-29Bibliographically approved

Open Access in DiVA

Phishing: A qualitative study of users’ e-mail classification process, and how it is influenced by the subjective knowledge(1022 kB)236 downloads
File information
File name FULLTEXT02.pdfFile size 1022 kBChecksum SHA-512
fb7fbb1e637a8879f170bb1db1fd284d162ca2a7c6557c605f7e3c9cadc194771a8d383c243855eb1fb0021e771056df2ff5977a8cc99e9977556a016389d0a2
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 236 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 783 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf