Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures

  • Conference paper
HCI for Cybersecurity, Privacy and Trust (HCII 2023)

Abstract

Users of mobile instant messaging (MIM) applications (apps) are increasingly targeted by phishing attacks. MIM apps often lack technical countermeasures for protecting users from phishing. Thus, users need to take preventive measures against phishing threats. Measures include awareness of the threat and the adoption of phishing preventive behaviours. This study adds to the literature by exploring these measures. Using an online survey, we collected data from 111 users of MIM apps and examined their awareness of the phishing attacks targeting them and the preventive measures they take. Previous studies showed that smartphone users exhibit poor security behaviour, which was mostly not the case in our sample, as we have found moderate awareness of phishing and the adoption of preventive measures by the participants. The results also showed several correlations between the participants’ adoption of preventive measures and their phishing self-efficacy, knowledge, and concern about phishing. These findings may be useful in developing user awareness strategies for combating phishing in MIM apps.

Acknowledgment

This work is part of a PhD research sponsored by the Petroleum Technology Development Fund (PTDF)-Nigeria. There were no conflicts of interest in this study.

Corresponding author

Correspondence to Rufai Ahmad.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ahmad, R., Terzis, S., Renaud, K. (2023). Investigating Mobile Instant Messaging Phishing: A Study into User Awareness and Preventive Measures. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2023. Lecture Notes in Computer Science, vol 14045. Springer, Cham. https://doi.org/10.1007/978-3-031-35822-7_26

  • DOI: https://doi.org/10.1007/978-3-031-35822-7_26

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35821-0

  • Online ISBN: 978-3-031-35822-7

  • eBook Packages: Computer Science (R0)
