Understanding the human behavioural factors behind online learners’ susceptibility to phishing attacks

Shargawi, Ayman and Sime, Julie-Ann (2017) Understanding the human behavioural factors behind online learners’ susceptibility to phishing attacks. PhD thesis, Lancaster University.

[thumbnail of 2017shargawiphd]
PDF (2017shargawiphd)
2017shargawiphd.pdf - Published Version
Available under License Creative Commons Attribution-NoDerivs.

Download (4MB)


Phishing is an act of fraudulence to lure victims to respond to an illegitimate request for the sake of a financial or informational gain (Huang, Qian, and Wang, 2012). Phishing can jeopardize the security of online learning (e-Learning) systems. Phishing cannot be prevented by depending on technical controls alone (Proctor, Schultz and Vu, 2009). Effective Information Security Awareness is key to protecting against Phishing (Chen, Shaw and Yang, 2006). However, most information security awareness programs overlook human behavioural factors as a root cause of exploitation in Phishing (Proctor et al 2009, Anttila et al 2007). This research aims to better understand the human behavioural factors behind online learners’ susceptibility to Phishing attacks (Luo et al, 2013). Thus, literature review was conducted to identify and analyse the human behavioural factors exploited in Phishing attacks with relation to the online learners’ awareness needs. A conceptual framework called ‘Security Awareness Model for Phishing’ (SAMFP) has been developed based on the integration of Endsley’s Situation Awareness model (Endsley, 2015), the awareness delivery guidelines by Chen, Shaw and Yang (2006) and Poepjes’ (2012) Information Security Awareness and Capability Model (ISACM). SAMFP aims to improve information security awareness for online learners. Hence, data was gathered from 100 participants, experienced in learning online, who completed 5 activities: a pre-awareness (1st) assessment test, participating in the 1st awareness session and group discussions, an assessment (2nd) test, participating in the 2nd awareness session and group discussions and finally a post-awareness (3rd) assessment test. Data was analysed quantitatively with 18 hypotheses to validate the effectiveness of the SAMFP model. Following a design based research approach, the researcher was heavily engaged in the design, development and testing of the SAMFP model which included development of training materials, tutoring and assessment of learning outcomes against the research questions and objectives.

Item Type:
Thesis (PhD)
ID Code:
Deposited By:
Deposited On:
05 Jul 2018 09:32
Last Modified:
05 May 2024 23:18