Reducing Phishing Susceptibility among University Students: A Pre–Post Cybersecurity Awareness Intervention
DOI:
https://doi.org/10.32628/CSEIT26121325Keywords:
Phishing, Cybersecurity Awareness, Social Engineering, University Students, Behavioral Security, Pre-Post ExperimentAbstract
Phishing attacks remain one of the most persistent cybersecurity threats in higher education institutions, where students heavily rely on digital communication systems such as email and online academic platforms. Due to limited cybersecurity awareness and high trust in institutional messages, university students are particularly vulnerable to social engineering attacks. This study evaluates the effectiveness of a short-duration phishing- awareness intervention in reducing phishing susceptibility among undergraduate students. A quantitative pre-test and post-test experimental design was conducted involving 60 students from the Informatics Engineering Study Program at Nusa Putra University. Participants were exposed to a simulated phishing email prior to a structured 30-minute awareness training session and re-evaluated one week later using a comparable phishing simulation. The findings indicate a measurable reduction in phishing click behavior and an improvement in phishing detection confidence after the intervention. The results demonstrate that brief, structured cybersecurity awareness training can significantly enhance human-centered cybersecurity defenses within university environments.
Downloads
References
M. Alsharnouby, F. Alaca, and S. Chiasson, “Why phishing still works: User strategies for combating phishing attacks,” Int. J. Hum. Comput. Stud., vol. 82, pp.69–82, Oct. 2015, doi: 10.1016/j.ijhcs.2015.05.005. DOI: https://doi.org/10.1016/j.ijhcs.2015.05.005
M. Bada, M. A. Sasse, and J. R. C. Nurse, “Cyber security awareness campaigns: Why do they fail to change behaviour?,” 2019.
D. D. Caputo, S. L. Pfleeger, J. D. Freeman, and M. E. Johnson, “Going Spear Phishing: Exploring Embedded Training and Awareness,” IEEE Secur. Priv., vol. 12, no. 1, pp. 28–38, Jan. 2014, doi:10.1109/MSP.2013.106. DOI: https://doi.org/10.1109/MSP.2013.106
Cybersecurity and Infrastructure Security Agency (CISA), “Phishing guidance: Stopping the attack cycle at phase one,” U.S. Department of Homeland Security.
Kusuma, Kranthi Kiran. (2025). Cross-Carrier Certification Challenges and Solutions for Multi-National Device Deployments. International Journal of Research and Analytical Reviews. 12. 10.56975/ijrar.v12i3.319333. DOI: https://doi.org/10.56975/ijrar.v12i3.319333
Cybersecurity and Infrastructure Security Agency (CISA), “Recognize and report phishing,” U.S. Department of Homeland Security.
N. Elmrabit, F. Zhou, F. Li, and H. Zhou, “Evaluation of Machine Learning Algorithms for Anomaly Detection,” in 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), IEEE, Jun. 2020, pp. 1–8. doi:10.1109/CyberSecurity49315.2020.9138871. DOI: https://doi.org/10.1109/CyberSecurity49315.2020.9138871
S. Dawkins and J. Jacobs, “NIST Phish Scale user guide,” Nov. 2023. doi: 10.6028/NIST.TN.2276. DOI: https://doi.org/10.6028/NIST.TN.2276
E. D. Frauenstein and S. Flowerday, “Susceptibility to phishing on social network sites: A personality information processing model,” Comput. Secur., vol. 94, p. 101862, Jul. 2020, doi:10.1016/j.cose.2020.101862. DOI: https://doi.org/10.1016/j.cose.2020.101862
A. Allen, A. Mylonas, S. Vidalis, and D. Gritzalis, “Smart homes under siege: Assessing the robustness of physical security against wireless network attacks,” Comput. Secur., vol. 139, p. 103687, Apr. 2024, doi: 10.1016/j.cose.2023.103687. DOI: https://doi.org/10.1016/j.cose.2023.103687
P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong, “Teaching Johnny not to fall for phish,” ACM Trans. Internet Technol., vol. 10, no. 2, pp.1–31, May 2010, doi: 10.1145/1754393.1754396. DOI: https://doi.org/10.1145/1754393.1754396
S. Sheng, M. Holbrook, P. Kumaraguru, L. F. Cranor, and J. Downs, “Who falls for phish?,” in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, New York, NY, USA: ACM, Apr. 2010, pp. 373–382. doi:10.1145/1753326.1753383. DOI: https://doi.org/10.1145/1753326.1753383
Z. A. Wen, Z. Lin, R. Chen, and E. Andersen, “What.Hack,” in Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, New York, NY, USA: ACM, May 2019, pp. 1–12. doi:10.1145/3290605.3300338. DOI: https://doi.org/10.1145/3290605.3300338
C. Chau, R. S. W. Chan, J. Liang, and K.-T. Poon, “The relationship of sexual objectification with internet addiction and its implications for mental health,” Comput. Human Behav., vol. 155, p. 108179, Jun. 2024, doi: 10.1016/j.chb.2024.108179. DOI: https://doi.org/10.1016/j.chb.2024.108179
Kusuma, Kranthi Kiran. (2025). Impact Analysis of VoLTE and NB-IoT Implementation on Carrier Network Performance. 5. 104-110. 10.56472/25832646/JETA-V5I2P112.
Mishra, Chandan. (2025). Utilizing PeopleSoft Test Framework (PTF) for Efficient System Testing. International Journal of Research and Analytical Reviews. 12. 10.56975/ijrar.v12i3.319332. DOI: https://doi.org/10.56975/ijrar.v12i3.319332
Downloads
Published
Issue
Section
License
Copyright (c) 2026 International Journal of Scientific Research in Computer Science, Engineering and Information Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.
