Building Confidence not to be Phished : Conceptualising User’s Self-Efficacy In Phishing Threat Avoidance Behaviour

Author: Baral, Gitanjali
Year of publication: 2021
Subject:
DOI: 10.26190/unsworks/22476
Description: A phishing attack is a type of cybercrime in which perpetrators steal individuals' personal and sensitive information for financial gain. In this type of cyber-attack, the perpetrator pretends to be a genuine person or organisation and contacts victims through email or other communication media. The malicious links and attachments in these emails contain various malicious functions, which can capture victims' usernames, passwords, and online banking details. This is also known as online identity theft, as it harms individuals by stealing not only their money but also their identity. Previous research demonstrates that numerous anti-phishing tools have been developed to protect individuals from becoming victims of this kind of cybercrime. However, there is very little research on how to educate people. As phishing attacks centre on humans, it is very important to educate them about anti-phishing as well as phishing. According to previous research, users' self-efficacy plays a vital role in phishing threat avoidance behaviour by motivating them. This self-efficacy correlates with knowledge, which means one can enhance self-efficacy by enhancing knowledge. The study reported in this thesis focuses on users' self-efficacy to enhance computer users' phishing threat avoidance behaviour. The proposed research work is accomplished by first identifying knowledge elements that enhance IT users' self-efficacy. Then a theoretical model is developed that incorporates knowledge attributes such as observational knowledge, heuristic knowledge, and structural knowledge along with procedural and conceptual knowledge. The theoretical model depicts a mechanism that links knowledge attributes, user self-efficacy, threat avoidance motivation, and threat avoidance behaviour. A scenario-based game design prototype was designed to demonstrate how the investigated knowledge elements can be incorporated into an anti-phishing learning gaming tool. In addition, this also demonstrates how phishing education can be given and learned in a knowledge-based way by using an anti-phishing educational gaming tool. Finally, the research work reported in this thesis identified knowledge attributes that positively influence users' self-efficacy through their phishing threat avoidance behaviour. Therefore, it can be argued that anti-phishing education and educational tools should consider these knowledge attributes as well as IT users' self-efficacy.
Database: OpenAIRE