Credulity to Phishing Attacks: A Real-World Study of Personnel with Higher Education

Abstract

Phishing is an attack where the attacker creates the fake object (e-mail, web site, etc) to fool an online user into eliciting personal information. This is a base for a big variety of other security attacks as during this social engineering attack user provides sensitive personal information. In order to protect against phishing attacks a variety of tools are proposed; however, the majority agrees that the best countermeasure is user training and education rather than hardware or software solutions. In this paper, we analyze how credulous to phishing attacks are educated persons (people with no less than bachelor degree). The real-world study was executed to inspect how personnel of higher education organization react to phishing email, how credulous, suspicious they are and how far they will go in revealing their personal data.