Ever since the inception of the internet, the two most frequently encountered misconducts have been cyberbullying and phishing.
Cyberbullying is the intentional infliction of harm through a computer, smartphone, or similar devices. In 2016, 34% of high school students in the US reported experiencing cyberbullying victimization at some point in their lives. This percentage increased to 89% in 2007. Worldwide, the prevalence of cyberbullying perpetration and victimization among college students and adolescents ranges from 5 to 30% and 10 to 40%, respectively.
Compared to offline bullying, this new type of deviance in cyberspace is greatly enhanced by the meteoric rise of social media, which made communication among billions of people possible literally with a touch of a button. Besides cyberbullying, phishing is one of the most disruptive and well-known cyber threats, leading to many compromised credentials and the majority of data breaches worldwide. Phishing scams are becoming increasingly deceptive, with sophisticated attacks that can deceive end-users through, for example, spoofed websites, individualized emails, and even fake phone calls.
Is Cyberbullying Difficult to Define?
In a study by Huang and Chou, a survey of Taiwan junior high school students found that some students thought cyberbullying was nothing to worry about and that intervention was unnecessary and even unwelcome. In multiple studies, the people involved expressed uncertainty about defining messages or comments as cyberbullying. These people acknowledged that the recipient might wrongly perceive the intended message of the alleged bully. They mentioned that one person might presume the message was meant to be humorous, while others saw it as aggressive.
As a general rule, it was observed that the guardians were eager to intervene only if they interpreted the incident as severe cyberbullying. This was also observed in a study of Czech pupils; the stronger the emotional reaction of school-aged children to cyberbullying, the higher the likelihood of supporting the victim. The more distressing the incident for the victim, the more likely it was for guardians to take action. Lastly, an interesting phenomenon observed in multiple studies was that young guardians fairly consistently expressed a greater willingness to help victims of cyberbullying, or actually helped the victims, when they possessed higher levels of self-efficacy.
For example, in a study of seventh- and ninth-grade Australian students, self-efficacy was positively correlated with cyberbullying intervention. In other studies, guardians expressed greater willingness to seek help from administrators or the police when bullies were more popular than victims. This trend may demonstrate that guardians consider popularity as a factor for potential intervention.
Tackling Cyber-bullying
Anti-bullying software is a great place to start, but it cannot be the only measure. Information about what exactly makes a piece of text cyberbullying should be made available to the public. Internet platforms might consider not simply hiding flagged content but instead providing explanations on why this particular content was removed from their site to explicitly demonstrate what behavior is and is not acceptable on their platform.
Platforms might also consider mentioning their successful efforts in stopping cyberbullying, thereby encouraging a sense of collective efficacy. This tactic could demonstrate their effectiveness to guardians, encouraging them, in turn, to act when and if needed.
Phishing in Detail
The basic and most common form of phishing-related scams is identity deception. Here, the deceiver may target a victim and individualize the attack by gathering enough information about the victim to consolidate the attack and increase the likelihood of the user falling victim to it. Another manipulation technique is to provide the intended victim with generalized information while the criminals present themselves as a trusted, well-known organization and give the victims instructions that they are inclined to follow.
The John Podesta case shows that, despite a user's technical expertise and background, anyone can fall victim to these attacks, even a White House chief of staff, and the consequences can be dire. The term "phishing" was originally used in 1996 when hackers stole online data from American accounts. Nowadays, there are a number of different phishing attacks, such as malware-based phishing, screen-loggers, web Trojans, spear phishing, search engine phishing, content injection phishing, and vishing.
Understanding and Battling Phishing
S. Das et al., in their systematic literature review of user studies in published ACM papers on phishing, found that there are several discernible data trends. The breadth of the studied research concentrates primarily on the technical characteristics of phishing attacks, such as the content and appearance of spoofed website URLs or phishing emails and ads. The individual aspects of end-users and risk communication or mental models were very rarely the point of focus.
The majority of research concluded that developing security indicators or warning tools would be beneficial for users. In the aforementioned studies, however, important details about the participants were not presented when they could have been explored in depth. Demographic and personal factors such as technical expertise may play a significant role in individual responses to security threats. Thus, these details are important for any conclusive user-focused studies. Yet even the researchers who developed training tools or games which focused on risk communication seldom discussed the details of their users and any behavioral variations that might be related to these specific circumstances.
While it is extremely important to provide technical solutions, understanding the human factors that allow a phisher to successfully exploit the user is crucial for detection, prevention, and mitigation plans. Risk communication is an emerging field in phishing that aims to employ more efficient training methods for the previously mentioned reasons. Therefore, in the future, it would first be beneficial for researchers to report accurate demographic and other study-relevant information on their participants. Second, assuming that the current lack of reporting reflects the lack of an intentional recruitment strategy, future researchers should concentrate on recruiting more diverse and representative sample pools.
Doing so would make it easier to approximate the audience that the phishing research is intended to benefit. This may include a commitment to a participant group with, at a minimum, an equal gender balance, a wide range of ages and educational attainment, varying racial, ethnic, and cultural backgrounds, and multiple levels of technical literacy. Only then can researchers begin to pay careful attention to any systematic variation between these attributes and participants' reported behaviors, goals, and mindsets. This approach will ultimately help them to draw valid conclusions about the matter.
Sources:
- S. Das et al. (2019) All About Phishing: Exploring User Research through a Systematic Literature Review. https://arxiv.org/abs/1908.05897
- Ireland et al. (2020) Preconditions for guardianship interventions in cyberbullying: Incident interpretation, collective and automated efficacy, and relative popularity of bullies. Computers in Human Behavior, Volume 113. https://doi.org/10.1016/j.chb.2020.106506
- Cho et al. (2020) Examining the impacts of low self-control and online lifestyles on cyberbullying perpetration among Korean adolescents: Using parallel process latent growth curve modeling. Children and Youth Services Review, Volume 117, 105288. https://doi.org/10.1016/j.childyouth.2020.105288