References
- James L. Phishing exposed. Rockland (MA): Syngress; 2009.
- Avanan. Avanan | how email became the weakest link. 2019 [accessed 2019 Nov 14]. https://www.avanan.com/how-email-became-the-weakest-link
- Hong J. The state of phishing attacks. Commun ACM. 2012;55(1):74. doi:https://doi.org/10.1145/2063176.2063197.
- Goel S, Williams K, Dincelli E. Got phished: internet security and human vulnerability. J Assoc Inf Syst. 2017;18(1):22–44. doi:https://doi.org/10.17705/1jais.00447.
- Trend Micro. Spear-phishing email: most favored APT attack bait. 2012:1–8. http://www.trendmicro.co.uk/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf
- Verizon. 2019 Data breach investigations report. 2019. https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report.pdf
- Wombat Security. State of the Phish 2018. 2018. https://info.wombatsecurity.com/hubfs/2018.StateofthePhish/Wombat-StateofPhish2018.pdf
- Symantec. Internet security threat report. 2019 [accessed 2019 Nov 13]. https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-2019-en.pdf
- Cisco. Email and spam data || Cisco Talos Intelligence Group - Comprehensive threat intelligence. 2019 [accessed 2019 Nov 13]. https://talosintelligence.com/reputation_center/email_rep
- APWG. APWG | phishing activity trends reports. 2019 [accessed 2019 Nov 13]. https://apwg.org/trendsreports/
- Goncharov M Russian underground 101. 2012. http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
- FireEye. Spear-phishing attacks. Why they are successful and hot to stop them. Milpitas (CA); 2016. https://www2.fireeye.com/rs/fireye/images/fireeye-how-stop-spearphishing.pdf
- Krebs B Tech firm ubiquiti suffers $46M cyberheist — krebs on security. Krebs on Security. 2015 [accessed 2019 Nov 18]. https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
- Krebs B FBI: businesses lost $215M to email scams — krebs on security. Krebs on Security. 2015 [accessed 2019 Nov 18]. https://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/
- McGrath DK, Gupta M Behind phishing: an examination of phisher modi operandi. In: Usenix Workshop on Large-Scale Exploits and Emergent Threats (LEET). San Francisco, CA; 2008. p. 4.
- Dunham K. MetaFisher: next–generation bots and phishing. Inf Syst Secur. 2006;15(5):2–6. doi:https://doi.org/10.1201/1086.1065898X/46353.15.4.20060901/95425.1.
- Bose I, Leung ACM. Unveiling the mask of phishing: threats, preventive measures, and responsibilities. Commun Assoc Inf Syst. 2007;19(1):544–66. doi:https://doi.org/10.17705/1CAIS.01924.
- Jagatic TN, Johnson NA, Jakobsson M, Menczer F. Social phishing. Commun ACM. 2007;50(10):94–100. doi:https://doi.org/10.1145/1290958.1290968.
- Jakobsson M, Myers S. Phishing attacks: information flow and chokepoints. In: Phishing and Countermeasures. John Wiley & Sons, Inc.; 2006. 31–63. doi:https://doi.org/10.1002/9780470086100.ch2.
- Leukfeldt ER. Phishing for suitable targets in the Netherlands: routine activity theory and phishing victimization. Cyberpsychol Behav Soc Netw. 2014;17(8):551–55. doi:https://doi.org/10.1089/cyber.2014.0008.
- Wright RT, Marett K. The influence of experiential and dispositional factors in phishing: an empirical investigation of the deceived. J Manag Inf Syst. 2010;27(1):273–303. doi:https://doi.org/10.2753/MIS0742-1222270111.
- Aleroud A, Abu-Shanab E, Al-Aiad A, Alshboul Y. An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities. J Inf Secur Appl. 2020;55(September):102614. doi:https://doi.org/10.1016/j.jisa.2020.102614.
- Moody G, Galletta D, Walker J, Dunn B Which phish get caught? An exploratory study of individual susceptibility to phishing. In: 32nd International Conference on Information Systems. Shanghai; 2011. p. Paper 5. http://aisel.aisnet.org/icis2011/proceedings/ISsecurity/5
- Rocha Flores W, Holm H, Nolberg M, Ekstedt M. Investigating personal determinants of phishing and the effect of national culture. Inf Comp Secur. 2015;23(2):178–99. doi:https://doi.org/10.1108/ICS-05-2014-0029.
- Lin T, Capecci DE, Ellis DM, Rocha HA, Dommaraju S, Oliveira DS, Ebner NC. Susceptibility to spear-phishing emails: effects of internet user demographics and email content. ACM Trans Comput Hum Interact. 2019;26(5):1–28. doi:https://doi.org/10.1145/3336141.
- Dhamija R, Tygar JD, Hearst M Why phishing works. In: Proceedings of the SIGCHI conference on Human Factors in computing systems. New York, NY, USA: ACM; 2006. p. 581–90. (CHI ’06). doi:https://doi.org/10.1145/1124772.1124861
- Luo X, Zhang W, Burd S, Seazzu A. Investigating phishing victimization with the Heuristic-Systematic model: A theoretical framework and an exploration. Comp Secur. 2013;38:28–38. doi:https://doi.org/10.1016/j.cose.2012.12.003.
- Vishwanath A, Herath T, Chen R, Wang J, Rao HR. Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decis Support Syst. 2011;51(3):576–86. doi:https://doi.org/10.1016/j.dss.2011.03.002.
- Vishwanath A. Getting phished on social media. Decis Support Syst. 2017;103:70–81. doi:https://doi.org/10.1016/j.dss.2017.09.004.
- Vishwanath A, Harrison B, Ng YJ. Suspicion, cognition, and automaticity model of phishing susceptibility. Communic Res. 2018;45(8):1146–66. doi:https://doi.org/10.1177/0093650215627483.
- Lynch J. Identity theft in cyberspace: crime control methods and their effectiveness in combating phishing attacks. Berkeley Technol Law J. 2005;20(1):259–300. doi:https://doi.org/10.15779/Z38M67D.
- Jansson K, von Solms R. Phishing for phishing awareness. Behav Inf Technol. 2013;32(6):584–93. doi:https://doi.org/10.1080/0144929X.2011.632650.
- Sheng S, Holbrook M, Kumaraguru P, Cranor LF, Downs J Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the 28th international conference on Human factors in computing systems - CHI ’10. Atlanta, GA; 2010. p. 373–82. doi:https://doi.org/10.1145/1753326.1753383
- Steves MP, Greene KK, Theofanos MF A phish scale: rating human phishing message detection difficulty. In: Workshop on Usable Security (USEC). San Diego, CA; 2019. doi:https://doi.org/10.14722/usec.2019.23028
- Thomas JE. Individual cyber security: empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. Int J Bus Manage. 2018;13(6):1–24. doi:https://doi.org/10.5539/ijbm.v13n6p1.
- Bzdok D, Altman N, Krzywinski M. Points of significance: statistics versus machine learning. Nat Methods. 2018;15(4):233–34. doi:https://doi.org/10.1038/nmeth.4642.
- Dhar V. Data science and prediction. Commun ACM. 2012;56(12):64–73. doi:https://doi.org/10.2139/ssrn.2086734.
- Gurbaxani V, Mendelson H. An integrative model of information systems spending growth. Inf Syst Res. 1990;1(1):23–46. doi:https://doi.org/10.1287/isre.1.1.23.
- Van Maanen J, Sørensen JB, Mitchell TR. The interplay between theory and method. Acad Manage Rev. 2007;32(4):1145–54. doi:https://doi.org/10.5465/amr.2007.26586080.
- Shmueli G. To explain or to predict? Stat Sci. 2010;25(3):289–310. doi:https://doi.org/10.2139/ssrn.1351252.
- Caruana R, Niculescu-Mizil A An empirical comparison of supervised learning algorithms. In: Proceedings of The 23rd International Conference on Machine Learning. Pittsburgh, PA. Vol. C. 2006. p. 161–68. doi:https://doi.org/10.1145/1143844.1143865
- Dupret G, Koda M. Bootstrap re-sampling for unbalanced data in supervised learning. Eur J Oper Res. 2001;134(1):141–56. doi:https://doi.org/10.1016/S0377-2217(00)00244-7.
- Chawla NV, Bowyer KW, Hall LO, Kegelmeyer WP. SMOTE: synthetic minority over-sampling technique. J Artif Intell Res. 2002;16:321–57. doi:https://doi.org/10.1613/jair.953.
- Hanus B, Windsor JC, Wu Y. Definition and multidimensionality of security awareness: close encounters of the second order. SIGMIS Database. 2018;49(SI):103–33. doi:https://doi.org/10.1145/3210530.3210538.
- DiMaggio PJ, Powell WW. The iron cage revisited: institutional isomorphism and collective rationality in organizational fields. Am Sociol Rev. 1983;48(2):147–60.
- Riedy MK, Hanus B. Your personal data is at risk: get over it! SMU Sci Tech L Rev. 2016;19:3–79.
- Department of Labor. Defining and delimiting the exemptions for executive, administrative, professional, outside sales and computer employees. Federal Register. 2019 [accessed 2019 Nov 11]. https://www.federalregister.gov/documents/2019/09/27/2019-20353/defining-and-delimiting-the-exemptions-for-executive-administrative-professional-outside-sales-and