A study of email deception based on situation awareness theory

Hsieh Hong Huang, Hsiao Ting Tseng, Chia Lun Lo

Research output: Contribution to conferencePaperpeer-review

Abstract

Information security-related research is traditionally focused on technical aspects, while little attention is paid to user behavior and organizational management and employee behavior is often neglected. In many cases, employees intend to comply with policies, but they cannot avoid “unintentional” violation of information security policies, that is, they are unaware of the existence of deception. Even if the user's intention to comply with the security policy is high and the behavior is toward compliance, it is still possible to have an information security violation in the case of “unawareness” or “mistrust,” resulting in organizational losses. This study uses situation awareness theory to explore how email social engineering attacks can deceive users either unconsciously or unintentionally and to explore using current and possible training methods to reduce the possibility of employees falling victim to a successful email engineering attack.

Original languageEnglish
StatePublished - 2019
Event23rd Pacific Asia Conference on Information Systems: Secure ICT Platform for the 4th Industrial Revolution, PACIS 2019 - Xi'an, China
Duration: 8 Jul 201912 Jul 2019

Conference

Conference23rd Pacific Asia Conference on Information Systems: Secure ICT Platform for the 4th Industrial Revolution, PACIS 2019
Country/TerritoryChina
CityXi'an
Period8/07/1912/07/19

Keywords

  • Email deception
  • Email fraud
  • Situation awareness theory
  • Social engineering

Fingerprint

Dive into the research topics of 'A study of email deception based on situation awareness theory'. Together they form a unique fingerprint.

Cite this