The Internet’s increasing connectivity through devices and systems, particularly with the Internet of Things (IoT), has expanded the threat landscape, making cybersecurity a constantly evolving field. Phishing is a common and emerging cyber-attack that attempts to deceive individuals and persuade them to disclose sensitive information, such as passwords, financial information, or personal data. Researchers have studied phishing extensively in recent years to understand its mechanisms, strategies, and potential solutions. This research examines essential factors that affect how online users behave regarding security in cyberspace, focusing on phishing attacks through the Health Belief Model (HBM). Understanding what influences users' security behaviors is crucial for building strong defenses. A survey was sent to students via WhatsApp and email, with 252 participants. The results were analyzed using quantitative methods. Principal Component Analysis (PCA) revealed that perceived barriers, self-efficacy, and privacy concerns were the main determinants of students' security behaviors. Students were particularly concerned about the misuse of their personal information. Despite varying levels of formal cybersecurity education, most students demonstrated confidence in configuring web browser security settings. The findings underscore the importance of tailored educational interventions and user-friendly security tools. Future research could explore additional security issues such as spyware, adware, and spam attacks. Additionally, leveraging machine learning and deep learning algorithms offers promising avenues for enhancing phishing detection and mitigation strategies. Furthermore, this study contributes to understanding cybersecurity behaviors, providing valuable insights for policymakers, educators, and developers to foster a safer online environment.

Students; Higher Education Institution; Security Behaviours; Principal Component Analysis, Health Belief Model

Kathrine, G. J. W., Praise, P. M., Rose, A. A., & Kalaivani, E. C. (2019, April). Variants of phishing attacks and their detection techniques. In 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI) (pp. 255-259). IEEE.

AAG-IT. (2023). The Latest 2023 Phishing Statistics (updated July 2023), https://aag-it.com/the-latest-phishing-statistics/.

Aleesa, A. M., Alabdulqader, E., & Kakkattil, R. (2019). Anti-Phishing Tools and Techniques: A Review. International Journal of Computer Science and Information Security, 17(7), 106-115.

Cai, Q., Li, H., & Wang, Q. (2021). Machine Learning-Based Phishing Email Detection: A Review. IEEE Access, 9, 26233-26247.

Wang, H., Jiang, J., & Zhang, Z. (2021). Emerging Trends in Phishing Attacks: Mobile Phishing and Social Media-Based Phishing. Future Internet, 13(2), 26.

Smith, J. (2019). Phishing attacks: Methods and targets. Journal of Cybersecurity, 5(2), 123-137.

Sahu, M. K., & Shrivastava, R. (2022). An analysis of phishing attacks and preventive measures in educational institutions. Computers & Security, 120, 102803. https://doi.org/10.1016/j.cose.2022.102803.

Makridis, C., & Weber, M. (2021). Behavioral responses to cybersecurity attacks. Cybersecurity Policy Review, 4(3), 198–215.

Alshammari, F., et al. (2023). Phishing Awareness Campaigns: Do They Work? IEEE Transactions on Human-Machine Systems, 53(2), 159–172.

Bada, M., & Nurse, J. R. (2020). The social and psychological impact of cyberattacks. In Emerging cyber threats and cognitive vulnerabilities (pp. 73-92). Academic Press.

Dodel, M., & Mesch, G. (2017). Cyber-victimization preventive behaviour: A health belief model approach. Computers in Human Behaviour, 68, 359–367. https://doi.org/10.1016/j.chb.2016.11.044

Dawson, J., Thomson, R.: The future cybersecurity workforce: going beyond technical skills for successful cyber performance. Front. Psychol. 9, 744 (2018)

Boskey, E. (2022, October 13). The health belief model. Verywellmind. https://www.verywellmind.com/health-belief-model-3132721

Kovacevic, A., Putnik, N., & Toskovic, O. (2020). Factors Related to Cyber Security Behaviour. IEEE Access, 8, 125140–125148. https://doi.org/10.1109/access.2020.3007867

Hinduja, S., & Patchin, J. W. (2019). Connecting adolescent suicide to the severity of bullying and cyberbullying. Journal of school violence, 18(3), 333-346.

Gupta, S. S., Thakral, A., & Choudhury, T. (2018, June). Social media security analysis of threats and security measures. In 2018 International Conference on Advances in Computing and Communication Engineering (ICACCE) (pp. 115-120). IEEE.

Tawalbeh, L., et al. (2022). Cybersecurity in cloud environments: A review of advanced threat detection techniques. Future Generation Computer Systems, 133, 60–80.

Alotaibi, N. M., Alajmi, H. A., & Alawwad, A. (2021). The Role of Organizational Support in Cybersecurity Compliance Behaviour among University Students: An Empirical Investigation. Journal of Information Privacy and Security.

Raman, S., & Singh, R. (2023). Human-centric cybersecurity: Understanding susceptibility in higher education students. Journal of Information Privacy and Security, 19(4), 202–217.

E.J.Williams, J.Hinds, & A,N.Joinson, “Exploring susceptibility to phishing in the workplace,”International Journal of Human Computer Studies, 120, pp.1–13,2018. https://doi.org/10.1016/j.ijhcs.2018.06.004

K. Edwards, "Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users," CCE Theses and Dissertations, 2015. [Online]. Available: https://nsuworks.nova.edu/gscis_etd/947.

J. N. Al-Karaki, A. Gawanmeh, and C. Fachkha, "Blockchain for Email Security: A Perspective on Existing and Potential Solutions for Phishing Attacks," 2023 5th International Conference on Blockchain Computing and Applications (BCCA), pp. 404-411, 2023.

P. Sharma, B. Dash, and M. F. Ansari, "Anti-Phishing Techniques – A Review of Cyber Defense Mechanisms," IJARCCE, vol. 11, no. 7, pp. 106-115, 2022

M. F. Ansari, P. K. Sharma, and B. Dash, "Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training," International Journal of Smart Sensors and Ad Hoc Networks, vol. 3, no. 3, 2022.

M. Almseidin, A. Zuraig, M. Al-Kasassbeh, and N. Alnidami, "Phishing Detection Based on Machine Learning and Feature Selection Methods," International Journal of Interactive Mobile Technologies, vol. 14, no. 15, pp. 171-183, 2019.

I. Bose, and A. C. M. Leung, "Assessing anti-phishing preparedness: A study of online banks in Hong Kong," Decision Support Systems, vol. 45, no. 4, pp. 897-912, 2008.

Zhang, Y., & Zhou, L. (2023). Exploring machine learning approaches for detecting and preventing phishing scams. Computers & Security, 121, 102841.

E. Benavides, W. Fuertes, S. Sanchez, and D. Nuñez-Agurto, "Characterization of Phishing Attacks and Techniques to Mitigate These Attacks: A Systematic Review of The Literature," IEEE Access, vol. 8, pp. 125140-125148, 2020.

Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, "Phishing Attacks: A Recent Comprehensive Study and a New Anatomy," Frontiers in Computer Science, vol. 3, p. 563060, 2021.

M. N. Willie, "The Role of Organizational Culture in Cybersecurity: Building a Security-First Culture," Journal of Research, Innovation and Technologies (JoRIT), vol. 2, no. 16, p. 180, 2023.

Benavides, E., et al. (2020). Advances in phishing detection using deep learning models. IEEE Access, 8, 125140–125148.

R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd ed., Wiley, 2020.

Al-Fuqaha, A., et al. (2023). Cybersecurity in the IoT Era: Exploring security behaviors among higher education students. Journal of Cybersecurity and Privacy, 3(3), 1–22.

E. Williams, J. Hinds, and A. N. Joinson, "Exploring susceptibility to phishing in the workplace," International Journal of Human Computer Studies, vol. 120, pp. 1-13, 2018.