Corporate susceptibility to email phishing: a socio-technical perspective
- Authors: Mphela, Ramatladi Sello
- Date: 2025-04
- Subjects: Computer security , Electronic mail systems , Internet -- Safety measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/74105 , vital:79648
- Description: Email phishing continues to be a significant challenge for organisations, targeting and exploiting vulnerabilities in corporate environments. These attacks leverage human behaviour and technical gaps to deceive users, leading to substantial financial losses, operational disruptions, and reputational harm. Despite advancements in defence mechanisms, phishing continues to outpace existing strategies, revealing critical gaps in understanding and mitigating susceptibility within organisations. This study aims to develop a socio-technical framework to address corporate susceptibility to email phishing. The framework integrates insights into social, technical, and environmental subsystems to propose comprehensive strategies for reducing vulnerabilities and enhancing organisational resilience. The research employs the Socio-Technical Systems (STS) framework to analyse the interplay between human behaviour, technology, and external environmental influences. This theoretical lens provides a holistic perspective for understanding phishing susceptibility and tailoring defence strategies across hierarchical levels (micro, meso, and macro). A systematic literature review of 62 papers was conducted to identify recurring themes related to phishing vulnerabilities and defence mechanisms. Qualitative data analysis using ATLAS.ti facilitated the coding and thematic synthesis of findings. Logical argumentation was employed to integrate these insights into a coherent socio-technical framework. The study identifies 11 key susceptibility factors across social, technical, and environmental subsystems, such as lack of employee training, weak technical controls, and environmental complexities. It also outlines eight defence strategies, including effective training programs, advanced technical controls, and secure communication protocols. 
The proposed framework aligns these factors and strategies with hierarchical organisational levels to ensure targeted and scalable interventions. This research advances knowledge and practice by providing a practical and adaptable socio-technical framework for mitigating email phishing risks. By leveraging socio-technical systems theory, the study provides actionable insights that enhance corporate resilience against phishing attacks. The framework encapsulates a layered, adaptive approach to building resilience against email phishing in a continuously evolving digital threat landscape. , Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2025
- Date Issued: 2025-04
Phishing within e-commerce: reducing the risk, increasing the trust
- Authors: Megaw, Gregory M
- Date: 2010
- Subjects: Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11131 , http://hdl.handle.net/10353/376
- Description: E-Commerce has been plagued with problems since its inception, and this study examines one of them: the lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology have not only benefited honest Internet users but have also enabled criminals to increase their effectiveness, causing considerable damage to this budding area of commerce. Moreover, it has negatively affected both the user and the online business by breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered. First, E-Commerce’s vulnerability to phishing attacks: by referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, together with the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, ways to reduce the risk of phishing and in turn increase the trust between users and websites are identified; here the importance of Trust and the Uncertainty Reduction Theory, plus the fine balance between trust and control, is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
- Date Issued: 2010