Vulnerability of Students of Masaryk University to Two Different Types of Phishing

• Authors: DUBOVECKÁ Klára
• Year of publication: 2024
• Type: Article in Periodical
• Magazine / Source: Applied Cybersecurity & Internet Governance
• MU Faculty or unit: Faculty of Social Studies
• web: https://www.acigjournal.com/Vulnerability-of-Students-of-Masaryk-University-to-Two-Different-Types-of-Phishing,190268,0,2.html
• Doi: http://dx.doi.org/10.60097/ACIG/190268
• Keywords: phishing; university students; social engineering; the human factor; unintentional threat
• Description: According to the European Union Agency for Cybersecurity’s (ENISA) Threat Landscape (ETL) report 2020, phishing is the most commonly used type of cyberattack. Phishing is the technique of delivering false communications that appear to be from a real and respectable source, typically via e-mail or text message. The attacker aims to steal money, obtain access to sensitive data, and login information, or install malware on the victim’s device. Data from the same report shows that during the COVID-19 pandemic, phishing attacks increased by 667% in one month. Simultaneously, warnings about expected waves of phishing e-mails at Masaryk University in Czechia were encountered more often. However, at the time this article was written, there was de facto no anti-phishing research dealing with the problem of phishing attacks on Czech universities. The present article focuses on unintentional human error on the side of students of Masaryk University. The main aim of this article is to uncover the profile of the user who is most prone to victimisation of phishing in the university setting. These results were achieved by performing two real-life phishing simulations. Data suggests that female students are more prone to crash for targeted e-mails. At the same time, all students are more susceptible to spear-phishing attacks than to the generic ones. Findings are explained by analysing the empirical results of the two real-life phishing attacks conducted.