Phishing attack awareness amongst users at a university of technology in the Western Cape

Abstract

Phishing attacks have emerged as a significant cybersecurity threat, particularly for university students who heavily rely on institutional networks for their academic and personal activities. These attacks often deceive users into revealing sensitive information, such as login credentials, leading to potential data breaches and financial losses. Numerous studies have highlighted the growing prevalence of phishing in academic environments, emphasising the need for enhanced awareness and preventive measures. This study aims to develop a phishing attack awareness framework for users at a University of Technology in the Western Cape. Through a qualitative case study approach, data was collected via surveys from students, academics, and IT staff within the university’s Department of Information Technology. The data was analysed using thematic analysis, revealing key insights into the frequency, strategies, and user awareness of phishing attacks. The findings show that phishing attacks are common within the university, with many users unaware of the sophisticated tactics used by attackers. The research also identified critical gaps in the current awareness programs, including inconsistencies in phishing reminders and low participation in awareness training. Based on these findings, this study recommends a more structured and frequent phishing awareness program, incorporating real-time phishing simulations and regular training to strengthen user defences against phishing attacks. The proposed framework addresses the urgent need for heightened cybersecurity education among university users. It aims to reduce end-users' vulnerability to phishing attacks and enhance overall institutional cybersecurity resilience.