{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T17:44:04Z","timestamp":1767116644138,"version":"3.41.2"},"reference-count":11,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"abstract":"<jats:sec>\n               <jats:title content-type=\"abstract-heading\">Purpose<\/jats:title>\n               <jats:p> \u2013 The purpose of this paper is to propose a framework to address the problem that email users are not well-informed or assisted by their email clients in identifying possible phishing attacks, thereby putting their personal information at risk. This paper therefore addresses the human weakness (i.e. the user\u2019s lack of knowledge of phishing attacks which causes them to fall victim to such attacks) as well as the software related issue of email clients not visually assisting and guiding the users through the user interface. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title>\n               <jats:p> \u2013 A literature study was conducted in the main field of information security with a specific focus on understanding phishing attacks and a modelling technique was used to represent the proposed framework. This paper argues that the framework can be suitably implemented for email clients to raise awareness about phishing attacks. To validate the framework as a plausible mechanism, it was reviewed by a focus group within the School of Information and Communication Technology (ICT) at the Nelson Mandela Metropolitan University (NMMU). The focus group consisted of academics and research students in the field of information security. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Findings<\/jats:title>\n               <jats:p> \u2013 This paper argues that email clients should make use of feedback mechanisms to present security related aspects to their users, so as to make them aware of the characteristics pertaining to phishing attacks. To support this argument, it presents a framework to assist email users in the identification of phishing attacks. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title>\n               <jats:p> \u2013 Future research would yield interesting results if the proposed framework were implemented into an existing email client to determine the effect of the framework on the user\u2019s level of awareness of phishing attacks. Furthermore, the list of characteristics could be expanded to include all phishing types (such as clone phishing, smishing, vishing and pharming). This would make the framework more dynamic in that it could then address all forms of phishing attacks. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title>\n               <jats:p> \u2013 The proposed framework could enable email clients to provide assistance through the user interface. Visibly relaying the security level to the users of the email client, and providing short descriptions as to why a certain email is considered suspicious, could result in raising the awareness of the average email user with regard to phishing attacks. <\/jats:p>\n            <\/jats:sec>\n            <jats:sec>\n               <jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title>\n               <jats:p> \u2013 This research presents a framework that email clients can use to identify common forms of normal and spear phishing attacks. The proposed framework addresses the problem that the average Internet user lacks a baseline level of online security awareness. It argues that the email client is the ideal place to raise the awareness of users regarding phishing attacks.<\/jats:p>\n            <\/jats:sec>","DOI":"10.1108\/ics-10-2014-0070","type":"journal-article","created":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T19:42:32Z","timestamp":1444678952000},"page":"370-381","source":"Crossref","is-referenced-by-count":8,"title":["A framework to assist email users in the identification of phishing attacks"],"prefix":"10.1108","volume":"23","author":[{"given":"Andr\u00e9","family":"L\u00f6tter","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lynn","family":"Futcher","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020122004564313400_b1","unstructured":"Ayodele, T.\n               , \n                  Shoniregun, C.A.\n                and \n                  Akmayeva, G.\n                (2012), \u201cAnti-phishing prevention measure for email systems\u201d, \n                  Internet Security (WorldCIS\n               ), Guelph, Guelph, ON."},{"key":"key2020122004564313400_b2","doi-asserted-by":"crossref","unstructured":"Chen, J.\n                and \n                  Guo, C.\n                (2006), \u201cOnline detection and prevention of phishing attacks\u201d, ChinaCom \u201806 First International Conference Communications and Networking in China, Beijing.","DOI":"10.1109\/CHINACOM.2006.344718"},{"key":"key2020122004564313400_b3","doi-asserted-by":"crossref","unstructured":"Furnell, S.\n                (2005), \u201cWhy users cannot use security\u201d, \n                  Computers & Security\n               , Vol. 24 No. 4, pp. 274-279.","DOI":"10.1016\/j.cose.2005.04.003"},{"key":"key2020122004564313400_b4","unstructured":"Jagatic, T.\n               , \n                  Johnson, N.\n               , \n                  Jakobsson, M.\n                and \n                  Menczer, F.\n                (2005), \n                  Social Phishing\n               , Indiana University, ACM, Bloomington, IL."},{"key":"key2020122004564313400_b5","unstructured":"Janssen, C.\n               , (2013), \u201cSpear phishing\u201d, available at: www.techopedia.com\/definition\/4121\/spear-phishing (accessed 29 April 2013)."},{"key":"key2020122004564313400_b6","unstructured":"Ledford, J.\n                (2013), \u201cSpear phishing: identity theft\u2019s new black\u201d, available at: http:\/\/idtheft.about.com\/od\/theftmethods\/a\/Spear_Phishing.htm (accessed 1 May 2013)."},{"key":"key2020122004564313400_b7","unstructured":"L\u00f6tter, A.\n                and \n                  Futcher, L.\n                (2013), \u201cA framework to assist e-mail clients in the identification of phishing scams\u201d, 15th Annual Conference on WWW Applications, Cape Town."},{"key":"key2020122004564313400_b8","unstructured":"Miniwatts Marketing Group\n                (2012), \u201cInternet usage statistics\u201d, available at: www.internetworldstats.com\/stats.htm (accessed 30 March 2013)."},{"key":"key2020122004564313400_b9","unstructured":"Orloff, J.\n                (2012), \u201cPhishing: a look inside the statistics\u201d, available at: www.allspammedup.com\/2012\/09\/phishing-a-look-inside-the-statistics\/ (accessed 30 March 2013)."},{"key":"key2020122004564313400_b10","unstructured":"Spamhaus\n                (2010), \u201cWhitepapers: effective spam filtering\u201d, available at: www.spamhaus.org\/whitepapers\/effective_filtering\/ (accessed 16 July 2013)."},{"key":"key2020122004564313400_b11","doi-asserted-by":"crossref","unstructured":"Wang, J.\n               , \n                  Herath, T.\n               , \n                  Rui, C.\n               , \n                  Vishwanath, A.\n                and \n                  Rao, H.R.\n                (2012), \u201cPhishing susceptibility: an investigation into the processing of a targeted spear phishing email\u201d, \n                  Professional Communication, IEEE Transactions\n               , Vol. 55 No. 4, pp. 345-362.","DOI":"10.1109\/TPC.2012.2208392"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-10-2014-0070","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0070\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2014-0070\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:14Z","timestamp":1753406594000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/4\/370-381\/113602"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":11,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,10,12]]}},"alternative-id":["10.1108\/ICS-10-2014-0070"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2014-0070","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,10,12]]}}}