This is an Open Access publication published under CSC-OpenAccess Policy.
Phishing: A Field Experiment
Danuvasin Charoen
Pages - 277 - 286     |    Revised - 01-05-2011     |    Published - 31-05-2011
Volume - 5   Issue - 2    |    Publication Date - May / June 2011
Phishing, Data Security, Computer Crime, Internet Security
Phishing is a method that hackers use to fraudulently acquire sensitive or private information from a victim by impersonating a real entity (Turban, Leidner, McLean, & Wetherbe, 2010). Phishing can be defined as the act of soliciting or stealing sensitive information such as usernames, passwords, bank account numbers, credit card numbers, and social security or citizen ID numbers from individuals using the Internet (Ohaya, 2006). Phishing often involves some kind of deception. The results from a study of Jagatic et al. (2007) indicate that Internet users are four times more likely to become phishing victims if they receive a request from someone appearing to be a known friend or colleague. The Anti-Phishing Work Group indicates that at least five percent of users responded to phishing scams and about two million users gave away their information to spoofed websites (APWG, 2009). This results in direct losses of $1.2 billion for banks and credit card companies (Dhamija, 2006). In order to understand how phishing can be conducted, the researcher set up a phishing experiment in one of Thailand's higher education institutions. The subjects were MBA students. A phishing email was sent to the subjects, and the message led the subject to visit the phishing website. One hundred seventy students became victims. The data collection included a survey, an interview, and a focus group. The results indicated that phishing could be easily conducted, and the result can have a great impact on the security of an organization. Organizations can use and apply the lessons learned from this study to formulate an effective security policy and security awareness training programs.
CITED BY (1)  
1 Chuchuen, C., & Chanvarasuth, P. (2015). Relationship between Phishing Techniques and User Personality Model of Bangkok Internet Users.
1 Turban, E., et al., Information Technology for Management: Transforming Organizations in the Digital Economy 7th ed. 2010: Wiley.
2 Ohaya, C. Managing Phishing Threats in an Organization. in InfoSecCD. 2006. Kennesaw, GA: ACM.
3 APWG. (2009). Phishing Activity Trends Report: www.antiphishing.org. Available: http://www.antiphishing.org/reports/apwg_report_Q4_2009.pdf [December 21, 2010].
4 National Statistical Office. (2008). E-Commerce Report. Bangkok, Thailand: National Statistical Office. Available: http://service.nso.go.th/nso/nsopublish/pocketBook/electThaiRep_52.pdf [November 7, 2010].
5 ThaiCert, Year 2007 ThaiCERT's handled Incident Response Summary, N. Sanglerdinlapachai, Editor. 2007, Thai Computer Emergency Response Team.
6 Turban, E., et al., Information Technology for Management: Transforming Organizations in the Digital Economy 6th ed. 2008: Wiley.
7 APWG. (2010a). Global Phishing Survey: Trends and Domain Name Use in 1H2010 Available: http://www.antiphishing.org/reports/APWG_GlobalPhishingSurvey_1H2010.pdf [December 25, 2010].
8 APWG. (2010b). Phishing Activity Trends Report: APWG. Available: http://www.antiphishing.org/reports/apwg_report_Q1_2010.pdf [December 25, 2010].
9 Jagatic, T.N., et al., Social Phishing. Communications of the ACM, 2007. 50(10).
Dr. Danuvasin Charoen
NIDA Business School - Thailand