A Modern Perspective on Phishing: An investigation into susceptibility to phishing attacks between mobile and desktop email clients
Research on how to counter phishing from a user behavior perspective has been explored for over a decade, yet the prevalence of such threats is increasing. This thesis aims to provide a modern perspective by considering whether there is a difference in how susceptible an individual is on a mobile device versus a desktop email client. Currently, very few studies consider phishing on mobile devices, and the research is unclear as to the potential difference in susceptibility rates between the two device types. Initially, a review of 60 phishing emails received by the university that had passed mail filtering was used to assist in the design of the messages to be used in the second stage of the study. Following this, a simulated phishing attack was undertaken on two groups in one unit of professional administrative staff in the university (141 in total, with 71 in Group A and 70 in Group B). The defining characteristic between the groups was how they responded to a message with a ‘loss versus gain’ appeal. This area has received limited exploration in the research, and findings remain unclear. This study found that people were statistically far more susceptible to the ‘gain’ message of a free coffee, at 28.2%, than to the ‘loss’ message of Office365 account suspension, at 7.1%. For device type, there appears to be no statistically significant difference, even between the groups. This study highlights the complexities of device usage around phishing that have not been clearly highlighted in previous studies, such as people viewing emails with one device and falling victim on another device.