Phishing awareness and preventive measures among university students: knowledge, behaviors, and victimisation perspectives
DOI:
https://doi.org/10.29352/mill0229.43489Keywords:
phishing awareness; cybersecurity; preventive measures; behaviourAbstract
Introduction: Phishing poses significant risks to individuals and organisations, particularly university students who frequently use online platforms and handle sensitive information. Despite the availability of education and training programs, there is a limited understanding of how knowledge, awareness, and preventive measures interact to reduce phishing risks.
Objective: To explore the relationships between knowledge of phishing, preventive measures, cybersecurity awareness, phishing awareness, and victimisation among university students.
Methods: This quantitative study employed a survey-based approach involving 202 university students. Data were collected using self-administered questionnaires, and 10 hypotheses were tested to analyse relationships among key factors related to phishing awareness, behaviour, and victimisation.
Results: Positive correlations were identified between preventive measures and cybersecurity and phishing awareness, emphasising the importance of proactive behaviours. However, knowledge of phishing showed no significant relationship with awareness or preventive behaviours, indicating that knowledge alone does not lead to effective action. Despite preventive efforts, 27.2% of students reported experiencing phishing attacks, highlighting the need for more robust and practical strategies.
Conclusion: The findings suggest that targeted phishing education, training, and awareness programmes are essential for improving defensive behaviours against phishing. This study offers actionable insights for educators, policymakers, and cybersecurity professionals to develop more effective training initiatives that reduce phishing risks, particularly among high-risk groups such as university students.
Downloads
References
Ajzen, I. (2011). The theory of planned behaviour: Reactions and reflections. Psychology & Health, 26(9), 1113-1127. https://doi.org/10.1080/08870446.2011.613995
Akter, S., Uddin, M. R., Sajib, S., Lee, W. J. T., Michael, K., & Hossain, M. A. (2022). Reconceptualising cybersecurity awareness capability in the data-driven digital economy. Annals of Operations Research. https://doi.org/10.1007/s10479-022-04844-8
Al-Hawamleh, A. M. (2024a). Cyber resilience framework: Strengthening defenses and enhancing continuity in business security. International Journal of Computing and Digital Systems, 15(1), 1315-1331. https://doi.org/10.12785/ijcds/150193
Al-Hawamleh, A. M. (2024b). Securing the future: Framework fundamentals for cyber resilience in advancing organisations. Journal of System and Management Sciences, 14(10), 130-150. https://doi.org/10.33168/JSMS.2024.1008
Alam, R. G. G., Ibrahim, H., & Karas, I. R. (2024). Key issues in cybersecurity implementation in government agencies: A case study in Jakartasmart city. Communications in Computer and Information Science, 2001, 3-16. https://doi.org/10.1007/978-981-99-9589-9_1
An, Q., Hong, W. C. H., Xu, X., Zhang, Y., & Kolletar-Zhu, K. (2023). How education level influences internet security knowledge, behaviour, and attitude: A comparison among undergraduates, postgraduates and working graduates. International Journal of Information Security, 22(2), 305-317. https://doi.org/10.1007/s10207-022-00637-z
Ayhan, B., Kose, S., Saban Guler, M., & Bilici, S. (2025). Can social media be a threat or an opportunity to public health via the impacts on diet quality?. Frontiers in Public Health, 13, 1679178. https://doi.org/10.3389/fpubh.2025.1679178
Aziz, M.A.A., Riskhan, B., Zakaria, N.H., & Jambli, M.N. (2024). An exploratory study of automated anti-phishing system. In N. H. Zakaria, N. S. Mansor, H. Husni, & F. Mohammed (Eds.), Computing and Informatics. ICOCI 2023. Communications in Computer and Information Science (Vol. 2001, pp. 45-60). Springer. https://doi.org/10.1007/978-981-99-9589-9_5
Deci, E. L., & Ryan, R. M. (2012). Self-determination theory. In P. A. M. Van Lange, A. W. Kruglanski, & E. T. Higgins (Eds.), Handbook of theories of social psychology, 1(20), 416-436. https://doi.org/10.4135/9781446249215.n21
Edwards, J. (2024). Security policies and procedures. In Mastering Cybersecurity: Strategies, Technologies, and Best Practices, 413-434. https://doi.org/10.1007/979-8-8688-0297-3_12
Ezati Rad, R., Mohseni, S., Kamalzadeh Takhti, H., Hassani Azad, M., Shahabi, N., Aghamolaei, T., & Norozian, F. (2021). Application of the protection motivation theory for predicting COVID-19 preventive behaviors in Hormozgan, Iran: A cross-sectional study. BMC Public Health, 21(1), 466. https://doi.org/10.1186/s12889-021-10500-w
Frauenstein, E. D., Flowerday, S., Mishi, S., & Warkentin, M. (2023). Unraveling the behavioral influence of social media on phishing susceptibility: A Personality-Habit-Information Processing model. Information and Management, 60(7), 103858. https://doi.org/10.1016/j.im.2023.103858
Gagné, M., Parker, S. K., Griffin, M. A., Dunlop, P. D., Knight, C., Klonek, F. E., & Parent-Rocheleau, X. (2022). Understanding and shaping the future of work with self-determination theory. Nature Reviews Psychology, 1(7), 378-392. https://doi.org/10.1038/s44159-022-00056-w
Hong, W. C. H., Chi, C., Liu, J., Zhang, Y., Lei, V. N.-L., & Xu, X. (2023). The influence of social education level on cybersecurity awareness and behaviour: a comparative study of university students and working graduates. Education and Information Technologies, 28(1), 439-470. https://doi.org/10.1007/s10639-022-11121-5
Kadaviparambil, S. T. (2025). Generational cyber curiosity: A quantitative study of security situational awareness [Tesis doctoral, Universidad correspondiente]. ProQuest Dissertations & Theses Global.
Katuk, N., Ruhani, A. B., Malik, M., Mahamood, A. K., & Omar, M. S. A. (2024). Protecting higher learning institutions from phishing attacks: A staff awareness program. Intelligent Systems of Computing and Informatics, 114-132. https://doi.org/10.1201/9781003400387-8
Katuk, N., Zaimy, N. A., Krishnan, S., Kunhiraman, R. K., Lee, H. H., & Eleyan, D. (2024). Fostering cyber-resilience in higher education: A pilot evaluation of a malware awareness program for college students. Communications in Computer and Information Science, 2002, 154-167. https://doi.org/10.1007/978-981-99-9592-9_12
Kudus, N., Sidek, S., Izharrudin, Z., Kamalrudin, M., Abu Hassan, M., & Mohamed, S. (2017). Internet usage pattern and types of Internet users among Malaysian university students. Journal of Engineering and Applied Sciences, 12(6), 1433-1439. https://doi.org/10.3923/jeasci.2017.1433.1439
Maisto, S. A., Carey, K. B., & Bradizza, C. M. (1999). Social learning theory. In K.E. Leonard & H.T. Blane (Eds.), Psychological theories of drinking and alcoholism (2ª ed., pp. 106-163). Guilford Press.
Marikyan, D., & Papagiannidis, S. (2023). Protection motivation theory: A review. TheoryHub Book, 78-93. Newcastle University. https://open.ncl.ac.uk/theory-library/TheoryHubBook.pdf
Rehman, M., Akbar, R., Omar, M., & Gilal, A. R. (2024). A systematic literature review of ransomware detection methods and tools for mitigating potential attacks. Communications in Computer and Information Science, 2001, 80-95. https://doi.org/10.1007/978-981-99-9589-9_7
Sarker, O., Jayatilaka, A., Haggag, S., Liu, C., & Babar, M. A. (2024). A multi-vocal literature review on challenges and critical success factors of phishing education, training and awareness. Journal of Systems and Software, 208, 111899. https://doi.org/10.1016/j.jss.2023.111899
Sulaiman, N. S., Fauzi, M. A., Hussain, S., & Wider, W. (2022). Cybersecurity behavior among government employees: The role of protection motivation theory and responsibility in mitigating cyberattacks. Information, 13(9), 413. https://doi.org/10.3390/info13090413
Švábenský, V., Weiss, R., Cook, J., Vykopal, J., Celeda, P., MacHe, J., Chudovský, R., & Chattopadhyay, A. (2022). Evaluating two approaches to assessing student progress in cybersecurity exercises. SIGCSE 2022 - Proceedings of the 53rd ACM Technical Symposium on Computer Science Education, 1, 787-793. https://doi.org/10.1145/3478431.3499414
Wong, L.-W., Lee, V.-H., Tan, G. W.-H., Ooi, K.-B., & Sohal, A. (2022). The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. International Journal of Information Management, 66, 102520. https://doi.org/10.1016/j.ijinfomgt.2022.102520
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Millenium - Journal of Education, Technologies, and Health
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who submit proposals for this journal agree to the following terms:
a) Articles are published under the Licença Creative Commons (CC BY 4.0), in full open-access, without any cost or fees of any kind to the author or the reader;
b) The authors retain copyright and grant the journal right of first publication, allowing the free sharing of work, provided it is correctly attributed the authorship and initial publication in this journal;
c) The authors are permitted to take on additional contracts separately for non-exclusive distribution of the version of the work published in this journal (eg, post it to an institutional repository or as a book), with an acknowledgment of its initial publication in this journal;
d) Authors are permitted and encouraged to publish and distribute their work online (eg, in institutional repositories or on their website) as it can lead to productive exchanges, as well as increase the impact and citation of published work
Documents required for submission
Article template (Editable format)
