Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

To see the latest studies from pioneering academics, scroll down.

Teaching Johnny not to fall for phish

Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security...

On the failure to eliminate hypotheses in a conceptual task

This study examines the extent to which individuals seek confirming – or disconfirming – evidence, instead of actually testing a hypothesis. Results indicated that, often, individuals are unwilling (or unable) to test their hypotheses.    

Understanding scam victims: Seven principles for systems security

The success of many attacks on computer systems can be traced back to the security engineers not understanding the psychology of the system users they meant to protect. We examine a variety of scams and “short cons” that were investigated, documented and recreated for...

The effectiveness of deceptive tactics in phishing

Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were...