Academic Trust Betrayed: Unravelling the Factors Behind Lecturers’ Vulnerability to Social Engineering Attacks
DOI:
https://doi.org/10.54536/ajet.v4i3.4773Keywords:
Cybersecurity, Phishing, Pretexting, Susceptibility, Social Engineering AttacksAbstract
Social engineering (SE) attacks are the most treacherous cyber-attacks, which are not rooted in the manipulation of code or exploitation of system vulnerabilities but target the human factor, which has historically been the weakest link in the security chain. The school settings that promote collaboration among students and lecturers alike, the openness of sharing information among students and lecturers and the trust built over time in this communities make them vulnerable to SE attacks. This study then seeks to investigate how effective cybersecurity education and training intervention has in reducing the susceptibility of SE attacks among the staff of higher education. 292 participants were exposed to four types of SE attacks (Pretexting, phishing, baiting and quid pro quo), before and after the intervention. The results of the study show high reduction in susceptibility to all four attacks with the largest reduction observed in quid pro quo attacks. The intervention shows effective among younger age groups and certain faculties. Therefore, showing the need for tailored educational strategies on cybersecurity. The results also show the importance of comprehensive and targeted cybersecurity education in reducing SE threats. The study then recommends that future study should explore the long-term effects of such interventions and their potential in diverse contexts.
Downloads
References
Must-Know Phishing Statistics for 2023 | IT Governance. (n.d.). Retrieved April 21, 2025, from https://www.itgovernance.co.uk/blog/51-must-know-phishing-statistics-for-2023
Adu-Gyimah, S., Asante, G., & Boansi, O. K. (2022). Social engineering attacks: a clearer perspective. International Journal of Computer Applications, 975, 8887.
Al-Hamar, Y., Kolivand, H., Tajdini, M., … T. S.-C. & E., & 2021, undefined. (n.d.). Enterprise Credential Spear-phishing attack detection. Elsevier. Retrieved April 21, 2025, from https://www.sciencedirect.com/science/article/pii/S0045790621003335
Alawida, M., Omolara, A., & … O. A.-J. of K. S. (2022). A deeper look into cybersecurity issues in the wake of Covid-19: A survey. Elsevier. https://www.sciencedirect.com/science/article/pii/S1319157822002762
Almutairi, B., Security, A. A.-J. of I., & 2022, undefined. (2022). The Role of Social Engineering in Cybersecurity and Its Impact. Scirp.Org, 13, 363–379. https://doi.org/10.4236/jis.2022.134020
Alseadoon, I., Othman, M. F. I., & Chan, T. (2015). What is the influence of users’ characteristics on their ability to detect phishing emails? Lecture Notes in Electrical Engineering, 315, 949–962. https://doi.org/10.1007/978-3-319-07674-4_89
Arachchilage, N., & Behavior, S. L.-C. (2014). Security awareness of computer users: A phishing threat avoidance perspective. ElsevierNAG Arachchilage, S LoveComputers in Human Behavior, 2014. Elsevier. https://www.sciencedirect.com/science/article/pii/S0747563214003331
Aslan, Ö., Aktuğ, S. S., Ozkan-Okay, M., Yilmaz, A. A., & Akin, E. (2023). A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12(6), 1333. https://doi.org/10.3390/electronics12061333
Birthriya, S. K., Ahlawat, P., & Jain, A. K. (2025). A comprehensive survey of social engineering attacks: taxonomy of attacks, prevention, and mitigation strategies. Journal of Applied Security Research, 20(2), 244-292. https://doi.org/10.1080/19361610.2024.2372986
Burita, L., Matoulek, P., Halouzka, K., & Kozak, P. (2021). Analysis of phishing emails. AIMS Electronics and Electrical Engineering, 5(1), 93–116. https://doi.org/10.3934/ELECTRENG.2021006
Burns, A., Johnson, M., Organizational, D. C.-J. of, & 2019, undefined. (2019). Spear phishing in a barrel: Insights from a targeted phishing campaign. Taylor & Francis, 29(1), 24–39. https://doi.org/10.1080/10919392.2019.1552745
Campbell, C. C. (2019). Solutions for counteracting human deception in social engineering attacks. Information Technology & People, 32(5), 1130-1152.
Cochran, K. A. (2024). Social Engineering: Manipulating the Human Element. Cybersecurity Essentials, 365–384. https://doi.org/10.1007/979-8-8688-0432-8_13
Creese, S., Dutton, W. H., Esteve-González, P., & Shillair, R. (2021). Cybersecurity capacity-building: cross-national benefits and international divides. Journal of Cyber Policy, 6(2), 214–235. https://doi.org/10.1080/23738871.2021.1979617
EDUCAUSE Center for Analysis and Research (2021). The Increasing Threat of Ransomware in Higher Education. Why IT Matters to Higher Education. https://er.educause.edu/articles/2021/6/the-increasing-threat-of-ransomware-in-higher-education
Femi-Oyewole, F., Osamor, V., & Okunbor, D. (2024, April). A systematic review of social engineering attacks & techniques: The past, present, and future. In 2024 International Conference on Science, Engineering and Business for Driving Sustainable Development Goals (SEB4SDG) (pp. 1-12). IEEE. https://doi.org/10.1109/SEB4SDG60871.2024.10629836
Gururaj, H., Janhavi, V., & Ambika, V. (2024). Social Engineering in Cybersecurity: Threats and Defenses.
Hadan, H., Wang, D. M., Nacke, L. E., & Zhang-Kennedy, L. (2024, May). Privacy in immersive extended reality: Exploring user perceptions, concerns, and coping strategies. In Proceedings of the 2024 CHI Conference on Human Factors in Computing Systems (pp. 1-24).https://doi.org/10.1145/3613904.3642104
Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), https://doi.org/10.1016/j.heliyon.2017.e00346
Hussain, H., & Abbas, R. (2025). The role of social engineering and human factors in cybersecurity defense. https://www.theseus.fi/handle/10024/878762
Jeong, J., Mihelcic, J., Oliver, G., & Rudolph, C. (2019, December). Towards an improved understanding of human factors in cybersecurity. In 2019 IEEE 5th international conference on collaboration and internet computing (CIC) (pp. 338-345). IEEE. https://ieeexplore.ieee.org/abstract/document/8998491/
Jones, K. S., Armstrong, M. E., Tornblad, M. K., & Siami Namin, A. (2020). How social engineers use persuasion principles during vishing attacks. Information and Computer Security, 29(2), 314–331. https://doi.org/10.1108/ICS-07-2020-0113/FULL/HTML
Karthikeyan, S. (n.d.). Cybersecurity in Education: Safeguarding Digital Learning Environments. Researchgate.Net. Retrieved April 22, 2025
Kendall, C. (2022). Kendall, C. L. (2022). The Openness of Higher Education and Implications on Cybersecurity (Master’s thesis, Utica University).
Kirda, E., Computer, C. K.-29th A. I., & 2005, undefined. (n.d.). Protecting users against phishing attacks with antiphish. Ieeexplore.Ieee.Org. Retrieved April 21, 2025
Kruger, H. A., & Kearney, W. D. (2006). A prototype for assessing information security awareness. Computers & security, 25(4), 289-296.
Kumaraguru, P., Rhee, Y., Acquisti, A., Cranor, L. F., Hong, J., & Nunge, E. (2007, April). Protecting people from phishing: the design and evaluation of an embedded training email system. In Proceedings of the SIGCHI conference on Human factors in computing systems (pp. 905-914).
Lallie, H. S., Thompson, A., Titis, E., & Stephens, P. (2025). Analysing cyber attacks and cyber security vulnerabilities in the university sector. Computers, 14(2), 49.
Langlois, P. (2020). 2020 data breach investigations report. https://www.cisecurity.org/-/jssmedia/Project/cisecurity/cisecurity/data/media/files/uploads/2020/07/The-2020-Verizon-Data-Breach-Investigations-Report-DBIR.pdf
Marble, J. L., Lawless, W. F., Mittu, R., Coyne, J., Abramson, M., & Sibley, C. (2015). The human factor in cybersecurity: Robust & intelligent defense. Advances in Information Security, 56, 173–206. https://doi.org/10.1007/978-3-319-14039-1_9
Mouton, F., Leenen, L., & Security, H. V.-C. &. (2016). Social engineering attack examples, templates and scenarios. Elsevier. https://www.sciencedirect.com/science/article/pii/S0167404816300268
Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/J.COSE.2016.03.004
Mudi, S. (2024). Social Engineering Techniques and Their Impact on National Values in Higher Education.
Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & security, 31(4), 597-611.
Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly: Management Information Systems, 34(4), 757–778. https://doi.org/10.2307/25750704
Riahi, E., & Islam, M. S. (2025). Employees’ information security awareness (ISA) in public organisations: insights from cross-cultural studies in Sweden, France, and Tunisia. Behaviour & Information Technology, 44(1), 79-101. https://doi.org/10.1080/0144929X.2024.2311734
Schmitt, M., & Flechais, I. (2024). Digital deception: generative artificial intelligence in social engineering and phishing. Artificial Intelligence Review, 57(12), 324. https://doi.org/10.1007/S10462-024-10973-2
Shillair, R., Author, F., Esteve-González, P., Dutton, W. H., Creese, S., Nagyfejeo, E., & Von Solms, B. (n.d.). Cybersecurity education, awareness raising, and training initiatives: National level evidence-based results, challenges, and promise. Elsevier. Retrieved April 21, 2025, from https://www.sciencedirect.com/science/article/pii/S0167404822001511
Singh, T. (2025). Social Engineering: Exploiting Human Psychology. In Cybersecurity, Psychology and People Hacking (pp. 95-100). Cham: Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-85994-6_7
Ustundag Soykan, E., & Bagriyanik, M. (2020). The effect of SMiShing attack on security of demand response programs. Energies, 13(17), 4542.
Vishwanath, A. (2015). Examining the distinct antecedents of e-mail habits and its influence on the outcomes of a phishing attack. Journal of Computer-Mediated Communication, 20(5), 570-584. https://doi.org/10.1111/jcc4.12126
Weimann, G. (2015). Terrorism in cyberspace: The next generation.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Samuel Adu-Gyimah, Oliver Kufour Boansi, George Asante, Prince Clement Addo
This work is licensed under a Creative Commons Attribution 4.0 International License.
