Identity theft: empirical evidence from a phishing exercise
Abstract
Identity theft is an emerging threat in our networked world and
more individuals and companies fall victim to this type of fraud. User training
is an important part of ICT security awareness; however, IT management must
know and identify where to direct and focus these awareness training efforts.
A phishing exercise was conducted in an academic environment as part of an
ongoing information security awareness project where system data or evidence
of users' behavior was accumulated. Information security culture is influenced
by amongst other aspects the behavior of users. This paper presents the
findings of this phishing experiment where alarming results on the staff
behavior are shown. Educational and awareness activities pertaining to email
environments are of utmost importance to manage the increased risks of
identity theft