Abstract
Identity theft is an emerging threat in our networked world, and more individuals and companies are falling victim to this type of fraud. User training is an important part of ICT security awareness; however, IT management must identify where to direct and focus these awareness training efforts. A phishing exercise was conducted in an academic environment as part of an ongoing information security awareness project in which system data, or evidence of users' behavior, was accumulated. Information security culture is influenced by, amongst other aspects, the behavior of users. This paper presents the findings of this phishing experiment, which show alarming results on staff behavior. Educational and awareness activities pertaining to email environments are of utmost importance in managing the increased risks of identity theft.
Please use the following format when citing this chapter: Steyn, T., Kruger, H., and Drevin, L., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 193–203.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Steyn, T., Kruger, H.A., Drevin, L. (2007). Identity Theft — Empirical evidence from a Phishing Exercise. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_17
DOI: https://doi.org/10.1007/978-0-387-72367-9_17
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)