A phishing attack awareness framework for a South African University of Technology
Background: Phishing is a deceptive tactic in which an attacker impersonates a trusted entity to steal sensitive information from Internet users. This creates significant risks for university end-users who depend on computer networks, underscoring the critical need for enhanced phishing awareness....
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
AOSIS
2025-07-01
|
| Series: | South African Journal of Information Management |
| Subjects: | |
| Online Access: | https://sajim.co.za/index.php/sajim/article/view/1949 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849698446161739776 |
|---|---|
| author | Japhet M. Kayomb Errol R. Francke Tabisa Ncubukezi |
| author_facet | Japhet M. Kayomb Errol R. Francke Tabisa Ncubukezi |
| author_sort | Japhet M. Kayomb |
| collection | DOAJ |
| description | Background: Phishing is a deceptive tactic in which an attacker impersonates a trusted entity to steal sensitive information from Internet users. This creates significant risks for university end-users who depend on computer networks, underscoring the critical need for enhanced phishing awareness.
Objectives: This study aims to develop a phishing awareness framework among the University of Technology users and, in so doing, help reduce the number of phishing attacks.
Method: A qualitative method based on a case study was adopted. Data were collected from students, academics and technical staff in the information technology (IT) department with ethical considerations in mind. Data were analysed using thematic analysis with the Technology Threats Avoidance Theory as the theoretical lens for the study.
Results: The findings showed many phishing attacks and victims at the university. Furthermore, phishers use different techniques in phishing attacks, and IT users need constant reminders about the danger of phishing attacks. Lastly, it is important to educate users about phishing attacks.
Conclusion: The study recommended a framework for educating users about phishing attacks within the university. The framework included four elements: the frequencies of phishing attacks, strategies of phishing attacks, awareness of phishing attacks, and the nature of a phishing attack programme.
Contribution: This study has the potential to help protect university data and could reduce downtime on the university’s computer network by reducing the number of cyber-attacks. The outcome can also address the online behaviour of end-users to reduce the number of phishing attack victims on the Internet. |
| format | Article |
| id | doaj-art-64621e2f5f734b02bf6e2210fd50d337 |
| institution | DOAJ |
| issn | 2078-1865 1560-683X |
| language | English |
| publishDate | 2025-07-01 |
| publisher | AOSIS |
| record_format | Article |
| series | South African Journal of Information Management |
| spelling | doaj-art-64621e2f5f734b02bf6e2210fd50d3372025-08-20T03:18:54ZengAOSISSouth African Journal of Information Management2078-18651560-683X2025-07-01271e1e1010.4102/sajim.v27i1.1949845A phishing attack awareness framework for a South African University of TechnologyJaphet M. Kayomb0Errol R. Francke1Tabisa Ncubukezi2Department of Information Technology, Faculty of Informatics and Design, Cape Peninsula University of Technology, Cape TownDepartment of Information Technology, Faculty of Informatics and Design, Cape Peninsula University of Technology, Cape TownDepartment of Information Technology, Faculty of Informatics and Design, Cape Peninsula University of Technology, Cape TownBackground: Phishing is a deceptive tactic in which an attacker impersonates a trusted entity to steal sensitive information from Internet users. This creates significant risks for university end-users who depend on computer networks, underscoring the critical need for enhanced phishing awareness. Objectives: This study aims to develop a phishing awareness framework among the University of Technology users and, in so doing, help reduce the number of phishing attacks. Method: A qualitative method based on a case study was adopted. Data were collected from students, academics and technical staff in the information technology (IT) department with ethical considerations in mind. Data were analysed using thematic analysis with the Technology Threats Avoidance Theory as the theoretical lens for the study. Results: The findings showed many phishing attacks and victims at the university. Furthermore, phishers use different techniques in phishing attacks, and IT users need constant reminders about the danger of phishing attacks. Lastly, it is important to educate users about phishing attacks. Conclusion: The study recommended a framework for educating users about phishing attacks within the university. The framework included four elements: the frequencies of phishing attacks, strategies of phishing attacks, awareness of phishing attacks, and the nature of a phishing attack programme. Contribution: This study has the potential to help protect university data and could reduce downtime on the university’s computer network by reducing the number of cyber-attacks. The outcome can also address the online behaviour of end-users to reduce the number of phishing attack victims on the Internet.https://sajim.co.za/index.php/sajim/article/view/1949cyber-attackscyberspacenetwork securityphishing attacksecurity awareness |
| spellingShingle | Japhet M. Kayomb Errol R. Francke Tabisa Ncubukezi A phishing attack awareness framework for a South African University of Technology South African Journal of Information Management cyber-attacks cyberspace network security phishing attack security awareness |
| title | A phishing attack awareness framework for a South African University of Technology |
| title_full | A phishing attack awareness framework for a South African University of Technology |
| title_fullStr | A phishing attack awareness framework for a South African University of Technology |
| title_full_unstemmed | A phishing attack awareness framework for a South African University of Technology |
| title_short | A phishing attack awareness framework for a South African University of Technology |
| title_sort | phishing attack awareness framework for a south african university of technology |
| topic | cyber-attacks cyberspace network security phishing attack security awareness |
| url | https://sajim.co.za/index.php/sajim/article/view/1949 |
| work_keys_str_mv | AT japhetmkayomb aphishingattackawarenessframeworkforasouthafricanuniversityoftechnology AT errolrfrancke aphishingattackawarenessframeworkforasouthafricanuniversityoftechnology AT tabisancubukezi aphishingattackawarenessframeworkforasouthafricanuniversityoftechnology AT japhetmkayomb phishingattackawarenessframeworkforasouthafricanuniversityoftechnology AT errolrfrancke phishingattackawarenessframeworkforasouthafricanuniversityoftechnology AT tabisancubukezi phishingattackawarenessframeworkforasouthafricanuniversityoftechnology |