Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

Javara A. Bukhsh, Maya Daneva, Marten van Sinderen

TL;DR

The study investigates phishing susceptibility in Pakistan by examining how demographics, technological usage, prior phishing experience, and email-source cues influence victims. Using a questionnaire with 164 participants and 43 emails (phishing and legitimate), the authors employ logistic regression and Levene tests to identify predictors and cue effects. Key findings show that male and older individuals, plus those who spend more time online shopping or banking, are more susceptible; higher email security awareness reduces risk, and prior victimization increases future vulnerability. Email cues such as authority and urgency heighten susceptibility, while risks cues may promote vigilance; Gmail/LinkedIn-like sources pose higher risk than government or social media sources. The results offer targeted guidance for cybersecurity awareness and interventions in Pakistan, emphasizing demographic-specific and source-aware strategies in a rapidly digitizing context.

Abstract

Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data was collected through convenient sampling; a total of 164 people completed the questionnaire. Contrary to some assumptions, the results indicate that men, individuals over 25, employed persons and frequent online shoppers have relatively high phishing susceptibility. The characteristics of email significantly affected phishing victimization, with authority and urgency signaling increasing susceptibility, while risk cues sometimes improved vigilance. In particular, users were more susceptible to emails from communication services such as Gmail and LinkedIn compared to government or social media sources. These findings highlight the need for targeted security awareness interventions tailored to specific demographics and email types. A multifaceted approach combining technology and education is crucial to combat phishing attacks.

Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

TL;DR

The study investigates phishing susceptibility in Pakistan by examining how demographics, technological usage, prior phishing experience, and email-source cues influence victims. Using a questionnaire with 164 participants and 43 emails (phishing and legitimate), the authors employ logistic regression and Levene tests to identify predictors and cue effects. Key findings show that male and older individuals, plus those who spend more time online shopping or banking, are more susceptible; higher email security awareness reduces risk, and prior victimization increases future vulnerability. Email cues such as authority and urgency heighten susceptibility, while risks cues may promote vigilance; Gmail/LinkedIn-like sources pose higher risk than government or social media sources. The results offer targeted guidance for cybersecurity awareness and interventions in Pakistan, emphasizing demographic-specific and source-aware strategies in a rapidly digitizing context.

Abstract

Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data was collected through convenient sampling; a total of 164 people completed the questionnaire. Contrary to some assumptions, the results indicate that men, individuals over 25, employed persons and frequent online shoppers have relatively high phishing susceptibility. The characteristics of email significantly affected phishing victimization, with authority and urgency signaling increasing susceptibility, while risk cues sometimes improved vigilance. In particular, users were more susceptible to emails from communication services such as Gmail and LinkedIn compared to government or social media sources. These findings highlight the need for targeted security awareness interventions tailored to specific demographics and email types. A multifaceted approach combining technology and education is crucial to combat phishing attacks.

Paper Structure

This paper contains 14 sections, 2 tables.

Table of Contents

  1. Introduction
  2. Background and related work
  3. Demographics
  4. Technological aptitude and usage
  5. Repeat phishing experience
  6. Decision factors
  7. Source of emails
  8. Phishing susceptibility in Pakistan
  9. Hypothesis
  10. Results
  11. Individual Characteristics and Phishing Susceptibility
  12. Email Characteristics and Phishing Susceptibility
  13. Discussion
  14. Conclusion and Limitations