Abstract
Users of mobile instant messaging (MIM) applications (apps) are increasingly targeted by phishing attacks. MIM apps often lack technical countermeasures for protecting users from phishing. Thus, users need to take preventive measures against phishing threats. Measures include awareness of the threat and the adoption of phishing preventive behaviours. This study adds to the literature by exploring these measures. Using an online survey, we collected data from 111 users of MIM apps and examined their awareness of the phishing attacks targeting them and the preventive measures they take. Previous studies showed that smartphone users exhibit poor security behaviour, which was mostly not the case in our sample, as we have found moderate awareness of phishing and the adoption of preventive measures by the participants. The results also showed several correlations between the participants’ adoption of preventive measures and their phishing self-efficacy, knowledge, and concern about phishing. These findings may be useful in developing user awareness strategies for combating phishing in MIM apps.
Acknowledgment
This work is part of a PhD research sponsored by the Petroleum Technology Development Fund (PTDF)-Nigeria. There were no conflicts of interest in this study.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ahmad, R., Terzis, S., Renaud, K. (2023). Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_26
DOI: https://doi.org/10.1007/978-3-031-35822-7_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35821-0
Online ISBN: 978-3-031-35822-7
eBook Packages: Computer Science, Computer Science (R0)