A Pilot Study to Assess the Success Rate of Email Scams by Phishing: Case in Lebanon

Abstract

Nowadays, almost everyone with internet access has an email address. That has made it easier for individuals and companies to properly store data, buy and sell products, communicate with others, entertainment, and many more. Phishing is one of the highest cybersecurity risks; it is a process where an attacker poses as a legitimate individual or institution and contacts an individual or a group of individuals by phone calls, messages, or emails to lure them into performing specific actions such as sending their sensitive information; credit card information or log in details, by clicking on malicious links or attachments. This research aims to assess the success rate of email scams by phishing. The study uses targeted email phishing by applying the phishing tool Zphisher, creating fake phishing emails, and sending them to 15 Lebanese participants. Findings demonstrated that the likelihood of Lebanese users clicking on suspicious links found in emails is about 53%, and surprisingly 13.3% of the participants fell for the entire attack. This shows that Lebanese people are constantly aware of the harmful techniques that hackers are using to reach for and steal personal information. The findings benefit policymakers and practitioners in organizations to keep track of and mitigate cyber risks by phishing. Higher education institutions (HEIs) and other Lebanese institutions must offer specialized training to students and employees alike to raise cybersecurity knowledge that could affect business-sensitive information.