Management Information Systems Commons^™

A Naturalistic Methodology For Assessing Susceptibility To Social Engineering Through Phishing, Paula Musuva, Christopher Chepken, Katherine Getao

The African Journal of Information Systems

Phishing continues to be a prevalent social engineering attack. Attacks are relatively easy to setup and can target many people at low cost. This study presents a naturalistic field experiment that can be staged by organisations to determine their exposure. This exercise provides results with high ecological validity and can give organisations the information they need to craft countermeasures to social engineering risks. The study was conducted at a university campus in Kenya where 241 valid system users, also known as “insiders,” are targeted in a staged phishing experiment. The results show that 31.12% of the insiders are susceptible to …