RESUMEN

Cybersecurity continues to be an important concern for financial institutions given the technology's rapid development and increasing adoption of digital services. Effective safety measures must be adopted to safeguard sensitive financial data and protect clients from potential harm due to the rise in cyber threats that target digital organizations. The aim of this study is to investigates how machine learning algorithms are integrated into cyber security measures in the context of digital banking and its benefits and drawbacks. We initially provide a general overview of digital banks and the particular security concerns that differentiate them from conventional banks. Then, we explore the value of machine learning in strengthening cybersecurity defenses. We revealed that insider threats, distributed denial of service (DDoS) assaults, ransomware, phishing attacks, and social engineering are main cyberthreats that are digital banks exposed. We identify the appropriate machine learning algorithms such as support vector machines (SVM), recurrent neural networks (RNN), hidden markov models (HMM), and local outlier factor (LOF) that are used for detection and prevention cyberthreats. In addition, we provide a model that considers ethical concerns while constructing a cybersecurity framework to address potential vulnerabilities in digital banking systems. The advantages and disadvantages of incorporating machine learning into the cybersecurity strategy of digital banks are outlined using strengths, weaknesses, opportunities, threats (SWOT) analysis. This study seeks to provide a thorough knowledge of how machine learning may strengthen cybersecurity procedures, protect digital banks, and maintain customer trust in the ecosystem of digital banking.

RESUMEN

With technological advancements, financial exploitation tactics have expanded into the online realm. Older adults may be particularly susceptible to online scams due to age- and Alzheimer's disease-related changes in cognition. In this study, 182 adults ranging from 18 to 90 years underwent cognitive assessment, genotyping for apolipoprotein E e4 (APOE4), and completed the lab-based Short Phishing Email Suspicion Test (S-PEST) as well as the real-life PHishing Internet Task (PHIT). Across both paradigms, older age predicted heightened susceptibility to phishing, with this enhanced susceptibility pronounced among older APOE4 allele carriers with lower working memory. Additionally, performance in both phishing tasks was correlated in that reduced ability to discriminate between phishing and safe emails in S-PEST predicted greater phishing susceptibility in PHIT. The current study identifies older age, APOE4, and lower cognition as risk factors for phishing vulnerability and introduces S-PEST as an easy-to-administer, ecologically valid tool for assessing phishing susceptibility.

RESUMEN

The advent of Internet technologies has resulted in the proliferation of electronic trading and the use of the Internet for electronic transactions, leading to a rise in unauthorized access to sensitive user information and the depletion of resources for enterprises. As a consequence, there has been a marked increase in phishing, which is now considered one of the most common types of online theft. Phishing attacks are typically directed towards obtaining confidential information, such as login credentials for online banking platforms and sensitive systems. The primary objective of such attacks is to acquire specific personal information to either use for financial gain or commit identity theft. Recent studies have been conducted to combat phishing attacks by examining domain characteristics such as website addresses, content on websites, and combinations of both approaches for the website and its source code. However, businesses require more effective anti-phishing technologies to identify phishing URLs and safeguard their users. The present research aims to evaluate the effectiveness of eight machine learning (ML) and deep learning (DL) algorithms, including support vector machine (SVM), k-nearest neighbors (KNN), random forest (RF), Decision Tree (DT), Extreme Gradient Boosting (XGBoost), logistic regression (LR), convolutional neural network (CNN), and DL model and assess their performances in identifying phishing. This study utilizes two real datasets, Mendeley and UCI, employing performance metrics such as accuracy, precision, recall, false positive rate (FPR), and F-1 score. Notably, CNN exhibits superior accuracy, emphasizing its efficacy. Contributions include using purpose-specific datasets, meticulous feature engineering, introducing SMOTE for class imbalance, incorporating the novel CNN model, and rigorous hyperparameter tuning. The study demonstrates consistent model performance across both datasets, highlighting stability and reliability.

RESUMEN

PURPOSE: Radiology faculty across various specialties have been reported to receive an average of 20.7 invitations to submit manuscripts to bogus journals and 4.1 invitations to speak at unsuitable events over a two-week span. Radiology trainees also receive a fair number of unsolicited invitations from unknown senders to submit manuscripts and speak at meetings. Trainees can be more vulnerable to predatory invitations due to potential naivety. We aimed to determine the prevalence of these spam invitations received by radiology trainees. MATERIAL AND METHODS: The designed survey for evaluating the experience of radiology trainees regarding phishing scams of predatory publications and conferences was sent to radiology residency and neuroradiology fellowship program leadership to redistribute amongst their trainees, and was advertised on social media platforms. The survey was first sent out on September 28, 2023, and was closed two weeks later October 12, 2023. Spearman's correlation, univariable and multivariable linear regression analyses were performed. RESULTS: Our study included 151 respondents who completed the survey. Of the survey respondents, 53 % reported receiving unsolicited emails from predatory publications (mean = 6.76 ± 7.29), and 32 % reported receiving emails from fraudulent conferences (mean = 5.61 ± 5.77). Significant positive correlation was observed between number of unsolicited email invitations with number of PubMed indexed publications, number as corresponding author, number in open access journals and number of abstract presentations. CONCLUSIONS: Trainees in radiology receive many unsolicited invitations to publish papers as well as to present at meetings that are not accredited. This could lead to wasted time and financial resources for unsuspecting trainees.

Asunto(s)

RESUMEN

The rapid advancement of blockchain technology has fueled the prosperity of the cryptocurrency market. Unfortunately, it has also facilitated certain criminal activities, particularly the increasing issue of phishing scams on blockchain platforms such as Ethereum. Consequently, developing an efficient phishing detection system is critical for ensuring the security and reliability of cryptocurrency transactions. However, existing methods have shortcomings in dealing with sample imbalance and effective feature extraction. To address these issues, this study proposes an Ethereum phishing scam detection method based on DA-HGNN (Data Augmentation Method and Hybrid Graph Neural Network Model), validated by real Ethereum datasets to prove its effectiveness. Initially, basic node features consisting of 11 attributes were designed. This study applied a sliding window sampling method based on node transactions for data augmentation. Since phishing nodes often initiate numerous transactions, the augmented samples tended to balance. Subsequently, the Temporal Features Extraction Module employed Conv1D (One-Dimensional Convolutional neural network) and GRU-MHA (GRU-Multi-Head Attention) models to uncover intrinsic relationships between features from the time sequences and to mine adequate local features, culminating in the extraction of temporal features. The GAE (Graph Autoencoder) concept was then leveraged, with SAGEConv (Graph SAGE Convolution) as the encoder. In the SAGEConv reconstruction module, by reconstructing the relationships between transaction graph nodes, the structural features of the nodes were learned, obtaining reconstructed node embedding representations. Ultimately, phishing fraud nodes were further identified by integrating temporal features, basic features, and embedding representations. A real Ethereum dataset was collected for evaluation, and the DA-HGNN model achieved an AUC-ROC (Area Under the Receiver Operating Characteristic Curve) of 0.994, a Recall of 0.995, and an F1-score of 0.994, outperforming existing methods and baseline models.

RESUMEN

This study investigated the roles of phishing knowledge, cue utilization, and decision styles in contributing to phishing email detection. Participants (N = 145) completed an online email sorting task, and measures of phishing knowledge, email decision styles, cue utilization, and email security awareness. Cue utilization was the only factor that uniquely predicted the capacity to discriminate phishing from genuine emails. Phishing knowledge was associated with greater phishing detection and a bias towards classifying all emails as phishing. A preference for intuitive decision making predicted lower detection of phishing emails, driven by a greater tendency to classify emails as genuine. These findings support the proposition that cue utilization is a distinct cognitive process that enables expert performance. The outcomes indicate that, in addition to increasing phishing knowledge and developing safe behavioral patterns, anti-phishing training needs to provide opportunities for trainees to develop meaningful cue associations.

Asunto(s)

RESUMEN

Phishing is one of the most dangerous attacks targeting individuals, organizations, and nations. Although many traditional methods for email phishing detection exist, there is a need to improve accuracy and reduce false-positive rates. Our work investigates one-dimensional CNN-based models (1D-CNNPD) to detect phishing emails in order to address these challenges. Additionally, further improvement is achieved with the augmentation of the base 1D-CNNPD model with recurrent layers, namely, LSTM, Bi-LSTM, GRU, and Bi-GRU, and experimented with the four resulting models. Two benchmark datasets were used to evaluate the performance of our models: Phishing Corpus and Spam Assassin. Our results indicate that, in general, the augmentations improve the performance of the 1D-CNNPD base model. Specifically, the 1D-CNNPD with Bi-GRU yields the best results. Overall, the performance of our models is comparable to the state of the art of CNN-based phishing email detection. The Advanced 1D-CNNPD with Leaky ReLU and Bi-GRU achieved 100% precision, 99.68% accuracy, an F1 score of 99.66%, and a recall of 99.32%. We observe that increasing model depth typically leads to an initial performance improvement, succeeded by a decline. In conclusion, this study highlights the effectiveness of augmented 1D-CNNPD models in detecting phishing emails with improved accuracy. The reported performance measure values indicate the potential of these models in advancing the implementation of cybersecurity solutions to combat email phishing attacks.

RESUMEN

Information technology is one of the most rapidly growing technologies globally. Over the last decade, its usage in healthcare has been remarkable. Over the last decade, its usage in healthcare has been remarkable. The study examines the impact of various factors as barriers to adopting the information system in healthcare. These factors are categorized into three major types: external attacks, which include phishing attacks and ransomware; employee factors, including lack of skills and the issue of information misuse; and technological factors, including complexity and vulnerability. The findings show that external attacks and technological factors are the main barriers to adopting information systems, while employee factors have no significant impact on the adoption of information systems in the healthcare industry of Pakistan. The study provides implications for healthcare policy makers, professionals and organziations regarding the successful adoption of health information system.

RESUMEN

Malicious uniform resource locators (URLs) are prevalent in cyberattacks, particularly in phishing attempts aimed at stealing sensitive information or distributing malware. Therefore, it is of paramount importance to accurately detect malicious URLs. Prior research has explored the use of deep-learning models to identify malicious URLs, using the segmentation of URL strings into character-level or word-level tokens, and embedding and employing trained models to differentiate between URLs. In this study, a bidirectional encoder representation from a transformers-based (BERT) model was devised to tokenize URL strings, employing its self-attention mechanism to enhance the understanding of correlations among tokens. Subsequently, a classifier was employed to determine whether a given URL was malicious. In evaluating the proposed methods, three different types of public datasets were utilized: a dataset consisting solely of URL strings from Kaggle, a dataset containing only URL features from GitHub, and a dataset including both types of data from the University of New Brunswick, namely, ISCX 2016. The proposed system achieved accuracy rates of 98.78%, 96.71%, and 99.98% on the three datasets, respectively. Additionally, experiments were conducted on two datasets from different domains-the Internet of Things (IoT) and Domain Name System over HTTPS (DoH)-to demonstrate the versatility of the proposed model.

RESUMEN

Phishing attacks are evolving with more sophisticated techniques, posing significant threats. Considering the potential of machine-learning-based approaches, our research presents a similar modern approach for web phishing detection by applying powerful machine learning algorithms. An efficient layered classification model is proposed to detect websites based on their URL structure, text, and image features. Previously, similar studies have used machine learning techniques for URL features with a limited dataset. In our research, we have used a large dataset of 20,000 website URLs, and 22 salient features from each URL are extracted to prepare a comprehensive dataset. Along with this, another dataset containing website text is also prepared for NLP-based text evaluation. It is seen that many phishing websites contain text as images, and to handle this, the text from images is extracted to classify it as spam or legitimate. The experimental evaluation demonstrated efficient and accurate phishing detection. Our layered classification model uses support vector machine (SVM), XGBoost, random forest, multilayer perceptron, linear regression, decision tree, naïve Bayes, and SVC algorithms. The performance evaluation revealed that the XGBoost algorithm outperformed other applied models with maximum accuracy and precision of 94% in the training phase and 91% in the testing phase. Multilayer perceptron also worked well with an accuracy of 91% in the testing phase. The accuracy results for random forest and decision tree were 91% and 90%, respectively. Logistic regression and SVM algorithms were used in the text-based classification, and the accuracy was found to be 87% and 88%, respectively. With these precision values, the models classified phishing and legitimate websites very well, based on URL, text, and image features. This research contributes to early detection of sophisticated phishing attacks, enhancing internet user security.

RESUMEN

Internet of Things (IoT) enables day-to-day objects to connect with the Internet and transmit and receive data for meaningful purposes. Recently, IoT has resulted in many revolutions in all sectors. Nonetheless, security risks to IoT networks and devices are persistently disruptive due to the growth of Internet technology. Phishing becomes a common threat to Internet users, where the attacker aims to fraudulently extract confidential data of the system or user by using websites, fictitious emails, etc. Due to the dramatic growth in IoT devices, hackers target IoT gadgets, including smart cars, security cameras, and so on, and perpetrate phishing attacks to gain control over the vulnerable device for malicious purposes. These scams have been increasing and advancing over the last few years. To resolve these problems, this paper presents a binary Hunter-prey optimization with a machine learning-based phishing attack detection (BHPO-MLPAD) method in the IoT environment. The BHPO-MLPAD technique can find phishing attacks through feature selection and classification. In the presented BHPO-MLPAD technique, the BHPO algorithm primarily chooses an optimal subset of features. The cascaded forward neural network (CFNN) model is employed for phishing attack detection. To adjust the parameter values of the CFNN model, the variable step fruit fly optimization (VFFO) algorithm is utilized. The performance assessment of the BHPO-MLPAD method takes place on the benchmark dataset. The results inferred the betterment of the BHPO-MLPAD technique over compared approaches in different evaluation measures.

RESUMEN

Uniform Resource Locator (URL) is a unique identifier composed of protocol and domain name used to locate and retrieve a resource on the Internet. Like any Internet service, URLs (also called websites) are vulnerable to compromise by attackers to develop Malicious URLs that can exploit/devastate the user's information and resources. Malicious URLs are usually designed with the intention of promoting cyber-attacks such as spam, phishing, malware, and defacement. These websites usually require action on the user's side and can reach users across emails, text messages, pop-ups, or devious advertisements. They have a potential impact that can reach, in some cases, to compromise the machine or network of the user, especially those arriving by email. Therefore, developing systems to detect malicious URLs is of great interest nowadays. This paper proposes a high-performance machine learning-based detection system to identify Malicious URLs. The proposed system provides two layers of detection. Firstly, we identify the URLs as either benign or malware using a binary classifier. Secondly, we classify the URL classes based on their feature into five classes: benign, spam, phishing, malware, and defacement. Specifically, we report on four ensemble learning approaches, viz. the ensemble of bagging trees (En_Bag) approach, the ensemble of k-nearest neighbor (En_kNN) approach, and the ensemble of boosted decision trees (En_Bos) approach, and the ensemble of subspace discriminator (En_Dsc) approach. The developed approaches have been evaluated on an inclusive and contemporary dataset for uniform resource locators (ISCX-URL2016). ISCX-URL2016 provides a lightweight dataset for detecting and categorizing malicious URLs according to their attack type and lexical analysis. Conventional machine learning evaluation measurements are used to evaluate the detection accuracy, precision, recall, F Score, and detection time. Our experiential assessment indicates that the ensemble of bagging trees (En_Bag) approach provides better performance rates than other ensemble methods. Alternatively, the ensemble of the k-nearest neighbor (En_kNN) approach provides the highest inference speed. We also contrast our En_Bag model with state-of-the-art solutions and show its superiority in binary classification and multi-classification with accuracy rates of 99.3% and 97.92%, respectively.

RESUMEN

Internet scams are fraudulent attempts aim to lure computer users to reveal their credentials or redirect their connections to spoofed webpages rather than the actual ones. Users' confidential information, such as usernames, passwords, and financial account numbers, is the main target of these fraudulent attempts. Internet scammers often use phishing attacks, which have no boundaries, since they could exceed hijacking conventional cyber ecosystems to hack intelligent systems, which emerged recently for the use within smart cities. This paper therefore develops a real-time framework inspired by the honeybee defense mechanism in nature for filtering phishing website attacks in smart cities. In particular, the proposed framework filters phishing websites through three main phases of investigation: PhishTank-Match (PM), Undesirable-Absent (UA), and Desirable-Present (DP) investigation phases. The PM phase is used at first in order to check whether the requested URL is listed in the blacklist of the PhishTank database. On the other hand, the UA phase is used for investigation and checking for the absence of undesirable symbols in uniform resource locators (URLs) of the requested website. Finally, the DP phase is used as another level of investigation in order to check for the presence of the requested URL in the desirable whitelist. The obtained results show that the proposed framework is deployable and capable of filtering various types of phishing website by maintaining a low rate of false alarms.

RESUMEN

The use of artificial intelligence (AI) to detect phishing emails is primarily dependent on large-scale centralized datasets, which has opened it up to a myriad of privacy, trust, and legal issues. Moreover, organizations have been loath to share emails, given the risk of leaking commercially sensitive information. Consequently, it has been difficult to obtain sufficient emails to train a global AI model efficiently. Accordingly, privacy-preserving distributed and collaborative machine learning, particularly federated learning (FL), is a desideratum. As it is already prevalent in the healthcare sector, questions remain regarding the effectiveness and efficacy of FL-based phishing detection within the context of multi-organization collaborations. To the best of our knowledge, the work herein was the first to investigate the use of FL in phishing email detection. This study focused on building upon a deep neural network model, particularly recurrent convolutional neural network (RNN) and bidirectional encoder representations from transformers (BERT), for phishing email detection. We analyzed the FL-entangled learning performance in various settings, including (i) a balanced and asymmetrical data distribution among organizations and (ii) scalability. Our results corroborated the comparable performance statistics of FL in phishing email detection to centralized learning for balanced datasets and low organizational counts. Moreover, we observed a variation in performance when increasing the organizational counts. For a fixed total email dataset, the global RNN-based model had a 1.8% accuracy decrease when the organizational counts were increased from 2 to 10. In contrast, BERT accuracy increased by 0.6% when increasing organizational counts from 2 to 5. However, if we increased the overall email dataset by introducing new organizations in the FL framework, the organizational level performance improved by achieving a faster convergence speed. In addition, FL suffered in its overall global model performance due to highly unstable outputs if the email dataset distribution was highly asymmetric.

RESUMEN

Organizations and individuals worldwide are becoming increasingly vulnerable to cyberattacks as phishing continues to grow and the number of phishing websites grows. As a result, improved cyber defense necessitates more effective phishing detection (PD). In this paper, we introduce a novel method for detecting phishing sites with high accuracy. Our approach utilizes a Convolution Neural Network (CNN)-based model for precise classification that effectively distinguishes legitimate websites from phishing websites. We evaluate the performance of our model on the PhishTank dataset, which is a widely used dataset for detecting phishing websites based solely on Uniform Resource Locators (URL) features. Our approach presents a unique contribution to the field of phishing detection by achieving high accuracy rates and outperforming previous state-of-the-art models. Experiment results revealed that our proposed method performs well in terms of accuracy and its false-positive rate. We created a real data set by crawling 10,000 phishing URLs from PhishTank and 10,000 legitimate websites and then ran experiments using standard evaluation metrics on the data sets. This approach is founded on integrated and deep learning (DL). The CNN-based model can distinguish phishing websites from legitimate websites with a high degree of accuracy. When binary-categorical loss and the Adam optimizer are used, the accuracy of the k-nearest neighbors (KNN), Natural Language Processing (NLP), Recurrent Neural Network (RNN), and Random Forest (RF) models is 87%, 97.98%, 97.4% and 94.26%, respectively, in contrast to previous publications. Our model outperformed previous works due to several factors, including the use of more layers and larger training sizes, and the extraction of additional features from the PhishTank dataset. Specifically, our proposed model comprises seven layers, starting with the input layer and progressing to the seventh, which incorporates a layer with pooling, convolutional, linear 1 and 2, and linear six layers as the output layers. These design choices contribute to the high accuracy of our model, which achieved a 98.77% accuracy rate.

RESUMEN

Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient-the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.

Asunto(s)

RESUMEN

In today's digitalized era, the world wide web services are a vital aspect of each individual's daily life and are accessible to the users via uniform resource locators (URLs). Cybercriminals constantly adapt to new security technologies and use URLs to exploit vulnerabilities for illicit benefits such as stealing users' personal and sensitive data, which can lead to financial loss, discredit, ransomware, or the spread of malicious infections and catastrophic cyber-attacks such as phishing attacks. Phishing attacks are being recognized as the leading source of data breaches and the most prevalent deceitful scam of cyber-attacks. Artificial intelligence (AI)-based techniques such as machine learning (ML) and deep learning (DL) have proven to be infallible in detecting phishing attacks. Nevertheless, sequential ML can be time intensive and not highly efficient in real-time detection. It can also be incapable of handling vast amounts of data. However, utilizing parallel computing techniques in ML can help build precise, robust, and effective models for detecting phishing attacks with less computation time. Therefore, in this proposed study, we utilized various multiprocessing and multithreading techniques in Python to train ML and DL models. The dataset used comprised 54 K records for training and 12 K for testing. Five experiments were carried out, the first one based on sequential execution followed by the next four based on parallel execution techniques (threading using Python parallel backend, threading using Python parallel backend and number of jobs, threading manually, and multiprocessing using Python parallel backend). Four models, namely, random forest (RF), naïve bayes (NB), convolutional neural network (CNN), and long short-term memory (LSTM) were deployed to carry out the experiments. Overall, the experiments yielded excellent results and speedup. Lastly, to consolidate, a comprehensive comparative analysis was performed.

RESUMEN

In Machine Learning, the datasets used to build models are one of the main factors limiting what these models can achieve and how good their predictive performance is. Machine Learning applications for cyber-security or computer security are numerous including cyber threat mitigation and security infrastructure enhancement through pattern recognition, real-time attack detection, and in-depth penetration testing. Therefore, for these applications in particular, the datasets used to build the models must be carefully thought to be representative of real-world data. However, because of the scarcity of labelled data and the cost of manually labelling positive examples, there is a growing corpus of literature utilizing Semi-Supervised Learning with cyber-security data repositories. In this work, we provide a comprehensive overview of publicly available data repositories and datasets used for building computer security or cyber-security systems based on Semi-Supervised Learning, where only a few labels are necessary or available for building strong models. We highlight the strengths and limitations of the data repositories and sets and provide an analysis of the performance assessment metrics used to evaluate the built models. Finally, we discuss open challenges and provide future research directions for using cyber-security datasets and evaluating models built upon them.

RESUMEN

To design preventive policy measures for email phishing, it is helpful to be aware of the phishing schemes and trends that are currently applied. How phishing schemes and patterns emerge and adapt is an ongoing field of study. Existing phishing works already reveal a rich set of phishing schemes, patterns, and trends that provide insight into the mechanisms used. However, there seems to be limited knowledge about how email phishing is affected in periods of social disturbance, such as COVID-19 in which phishing numbers have quadrupled. Therefore, we investigate how the COVID-19 pandemic influences the phishing emails sent during the first year of the pandemic. The email content (header data and html body, excl. attachments) is evaluated to assess how the pandemic influences the topics of phishing emails over time (peaks and trends), whether email campaigns correlate with momentous events and trends of the COVID-19 pandemic, and what hidden content revealed. This is studied through an in-depth analysis of the body of 500.000 phishing emails addressed to Dutch registered top-level domains collected during the start of the pandemic. The study reveals that most COVID-19 related phishing emails follow known patterns indicating that perpetrators are more likely to adapt than to reinvent their schemes.

RESUMEN

CONTEXT: The cause of cybercrime phishing threats in Malaysia is a lack of knowledge and awareness of phishing. OBJECTIVE: The effects of self-efficacy (the ability to gain anti-phishing knowledge) and protection motivation (attitude toward sharing personal information online) on the risk of instant messaging phishing attacks (phishing susceptibility) are investigated in this study. The protection motivation theory (PMT) was tested in the context of attitudes toward sharing personal information online with a view to improving interventions to reduce the risk of phishing victimisation. METHODS: Data were collected using non-probability purposive sampling. An online survey of 328 Malaysian active instant messaging users was collected and analysed in SmartPLS version 4.0.8.6 using partial least squares structural equation modelling. RESULTS: The results showed that a person's cognitive factor (either high or low self-efficacy) affected their chance of being a victim of instant message phishing. A higher level of self-efficacy and a negative attitude towards sharing personal information online were significant predictors of phishing susceptibility. A negative attitude towards sharing personal information online mediated the relationship between high levels of self-efficacy and phishing susceptibility. A higher level of self-efficacy led to the formation of negative attitudes among internet users. Attitudes toward the sharing of personal information online are critical because they allow phishing attempts to exist and succeed. CONCLUSIONS: The findings give government agencies more information on how to organise anti-phishing campaigns and awareness programmes; awareness and education can improve one's ability to acquire anti-phishing knowledge (self-efficacy).

Asunto(s)