Professional Documents
Culture Documents
Team #2
Abstract
Phishing attacks are often used to steal personal and private information from
unsuspecting users. This study took a look at Florida State University (FSU) undergraduate
students and assessed their awareness of phishing, their time spent online in a recreational
setting, and the methods of prevention they use. A Qualtrics survey was sent out to FSU
social media pages and directly to current undergraduates. After using the snowball method
to distribute the survey, a total of 113 responses were collected, but only 89 were
considered valid and complete. From these results, it was found that a majority of FSU
undergraduate students are aware of phishing, but do not do much in the way of prevention
and protection. Despite the fact that over 96% of respondents use the internet
recreationally at least once a day, a good portion does not use an adblocker, antivirus, or
monitor their spam. From the results collected, the conclusion was made that FSU
undergraduates should invest in more protection software, while the institution of FSU
should work more towards educating its students on the dangers of phishing.
Problem Statement
The problem that the researchers identified is the ongoing threat of phishing scams.
While phishing scams can affect anyone who uses technology, the focus of this study will be
Florida State University (FSU) undergraduate students. As current students, there is easy
access to other students for the purposes of surveys. Phishing scams are used to try and
trick you into giving up valuable personal information. The Federal Trade Commission warns
that “phishing emails and text messages may look like they’re from a company you know or
trust”, (Federal Trade Commission, 2019, para. 3). If an FSU community member were to fall
prey to a phishing scam, they could jeopardize not only themselves but the rest of the
community, depending on what information gets out. The purpose of this research was to
gauge the level of phishing awareness at Florida State University and find out how to best
help protect members of this community. If we can slow or stop the leaking of data, it could
Significance of Study
Phishing scams are a well-known method used to gain access to personal, business,
or company information. Especially for an institution as big and important as FSU, bringing
awareness and preventive measures to the students should be a top priority to keep
everyone’s private and crucial information safe and secure. Many FSU students use their
emails and their FSU accounts to store their private and secure information and work. If just
one of these students were to be scammed by a phishing email and have private
ultimately having heavy repercussions for the university and those associated with it. While
FSU’s Information Technology Services department does clarify that “FSU will never ask you
for your FSUID username and password in an email or phone call” (Florida State University
Information Technology Services, n.d. 1), there are many other ways for students to be
hacked or taken advantage of online. This includes the unintentional sharing of sensitive
like a download file. However, the belief is that everyone in these stakeholder groups and
the general public can benefit from greater knowledge and understanding of how to
Research Questions
RQ2: How often are FSU undergraduate students online outside of school,
RQ3: What steps are FSU undergraduate students taking to protect themselves from
phishing scams?
Environmental Scan
Introduction
The world of computers today would have gotten nowhere near how it is without
the internet. It’s how we can stay connected to one another and the world to share many
things. However, the internet is not the safest place a person can be. While it can’t harm
you physically, there is always the threat of someone, or something, trying to get your
private and personal information. The most common and most used attempt at this is called
Proactively Preventing Potential Phishing at FSU 5
‘Phishing’. This study will focus on phishing due to it being very common and prevalent
around the world these days and yet so many people do not know what it is or could be
susceptible to fall right into its trap and have a lot of or even all of their important
information leaked out to a single person or multiple people around the world. While the
simple answer and solution to something like phishing could just be to not click on any links
or open attachments from emails claiming to be from your bank or another trusted
organization, this study would like to pinpoint all of the ways to protect yourself and make
sure other people are knowledgeable about this serious threat (Australian Competition and
Consumer Commission, 2018). The goal with this environmental scan will be to understand
what phishing is, how people are affected by phishing, how to mitigate phishing, and
What is Phishing
Phishing scams and attacks are a very common dilemma in people’s lives with more
than a decade of research spent on phishing, people are still at such a serious risk to be
tricked and have all of their information stolen. (S. Das et al., 2020) Phishing scams are
usually common via email, also known as ‘spear phishing’. The people who send out these
emails are trying to get the recipient to click a link or download an attached file that will,
most likely, lead to their usernames, passwords, and other information being leaked out to a
select people or even out to the public (A. Das et al., 2020). Phishing can be seen as a type
of social engineering, as while some attempts are a mass email spam across multiple users
that try to brute force their way in the vague hope that one or two out of the three-
Proactively Preventing Potential Phishing at FSU 6
thousand click on the link, others can create heavily edited and spoofed emails with perfect
grammar and punctuation that may look like it came from Microsoft or Google and seem
legitimate (Fatima, et al., 2019). The attacker may send multiple emails to fool you into
attempting to win your trust. The belief is that the main reason for why phishing is still such
an issue in our world is that people are not being educated and taught the dangers and
preventative measures of phishing. Every year, new people are getting onto the internet
from their phones or on their computers without the proper knowledge on how dangerous
it could be for them. Phishing attempts and methods to fight against it need to be common
knowledge these days to stand a chance at making sure people can keep their information
safe and secure from outside forces. Researchers around the world agree that phishing
needs to be addressed and heard about or else the attacks could get worse and worse
With such a real threat like phishing, there are most likely some serious effects that can
take place. For one, phishing scams at FSU can cause annoyance for both staff and students.
As discussed above, the main goal of phishing scams is to get personal information from a
user and use it maliciously. Phishing scams are becoming increasingly more deceptive with
sophisticated attacks that are able to manipulate end-users through, for instance, spoofed
websites, targeted emails, and fake phone calls (Das S. et al., 2020). These scams can be
obvious to spot and other times very tricky to the normal eye. Some email and social media
Proactively Preventing Potential Phishing at FSU 7
companies have precautions for known phishing scams which get added to a blacklist. By
having this blacklist, phishing attacks can be prevented from even reaching users. For
example, filtering phishing emails, blocking fake websites, and forcibly taking down phishing
websites essentially make phishing non-existent to the user by removing any potential
threats before they appear to the user (Nguyen, 2018). Since phishing scams can come in
many types, the people designing these scams are continuously trying to update and make
them seem more real. When users click on links, they are redirected to a website that
imitates the appearance of the entity being falsely portrayed. For example, if a phisher is
attempting to steal bank account information, the layout of the phishing website may look
very similar, if not identical, to the actual banking website to convince users of its
legitimacy. (Nguyen, 2018) FSU students will most likely be targeted by spoof emails,
disguised as other FSU students or even staff. While some students may not fall for these
emails, another student who is not familiar with these types of scams could easily be a
victim and have their personal information taken without even realizing it. Which makes it
important to spread knowledge on how to fight back against or at least mitigate phishing.
If phishing is such a common issue people can run into now-a-days, there would
logically be a method to counteract it. Ideally, a blend of increasing human awareness and
upping the quality of technological filters would be used to combat phishing scams from
multiple fronts, but for this study it will hone in on the human component. The first step to
take should be gauging public awareness of what phishing is in the first place, and from
there seeing how well they can detect phishing attempts. To start off, a trio of researchers
Proactively Preventing Potential Phishing at FSU 8
conducted an exercise at a Kenyan university with the goal of finding out how susceptible
people are to phishing attacks (Musuva et al., 2019). They ran fake phishing campaigns that
targeted students and staff for forty days, only stopping due to backlash on social media.
After going through the data, they found that “31.12% of the insiders are susceptible to
phishing and 88% of them disclose passwords that grant access to attackers.” (p. 157). From
their research, they concluded that social engineering phishing attacks are still very
effective, even when some parties are aware of the fact that they exist.
Now that we have seen what happens when the majority of participants are
unaware of what is occurring, we will move on to an example where training took place. A
an experiment in which they trained students and staff to better detect attempts (Jensen et
al., 2017). One group was trained based on a rule-based table while another group was
trained using mindfulness techniques. While neither training group got their failings down
to zero, the mindfulness sector ended the experiment with a .092 chance of responding to
phishing emails whereas the rule-based sector ended up with a .231 chance. From this data,
the researchers concluded that this type of training could be a valuable opportunity for
people to build interventions that will reduce individuals’ susceptibility to phishing attacks.
With this in mind, both parties that received training performed better than the group in the
previous study. At the end of the day, the best course of action, as shown by the two studies
examined, would be to train students and staff at FSU to avoid phishing scams through
Proactively Preventing Potential Phishing at FSU 9
mindfulness techniques. While it may not be a perfect solution to stop phishing totally, it
Mitigating Phishing
One thing to always consider to boost the awareness and skill of preventing these
phishing scams at FSU is to look at other college campuses related studies. On March 13,
2020, FSU closed its doors for Spring Break. Most students would not return to campus due
to the suspension of all in-person classes for the rest of the Spring 2020 semester, thanks to
the outbreak of SARS-COV-2 across the United States. Overnight, COVID-19 forced Florida
State into becoming an institution that went about its business primarily online instead of
inside the classroom. The shift to all online classes has been cumbersome and difficult for
both student and teacher alike. A portion of both parties are now being exposed to the
internet on a scale that is larger than they have ever had to deal with. This naivete opens up
a new demographic for cybercriminals to compromise and exploit online. Cyberattacks, such
With so much of academia now completely online, phishing is poised to run rampant on
students and faculty that are both unaware and uneducated on how to handle such threats.
As such, universities have launched anti-phishing campaigns across the country with schools
such as the University of Minnesota launching a phishing hotline for students and faculty to
report attempted scams (University of Minnesota Information Technology, 2020). Users that
have phishing scares in the recent past typically are more averse to phishing attempts
(Chen, et. al, 2020). The means to mitigate phishing on college campuses also requires
extensive education by organizations (in our case universities) to ensure users are aware of
Proactively Preventing Potential Phishing at FSU 10
what a threat looks like, and awareness by the users to be aware when they are being
Conclusion
In this new age of complex, ever-expanding digital crimes, it can be hard to keep up
with the times. Information theft crimes like phishing scams can come in the form of emails
from trusted sources, and they are capable of even fooling tech-savvy users. That is why the
researchers decided to break it down from the beginning, starting with the definition of
phishing scams themselves, followed by the effects these scams have on people, leading
into mitigation techniques, and finally finishing off on a more topical note, studies that
relate to our target population, college students. From the studies and literature discussed
here, it appears that while college students are more aware of phishing scams than average,
they might not necessarily recognize or be able to prevent falling for them as consistently as
one would hope. While there have been a respectable number of studies on phishing in
regard to college students, none have focused specifically on FSU undergraduate students,
and the intent was to use this study to satisfy that niche. The importance of this study only
grows with these unprecedented COVID-19 conditions, especially when Florida State
Methods
The data collection method used for this project was a survey via Qualtrics. The
decision to do a survey was basically to get lots of data from a large number of people. The
Proactively Preventing Potential Phishing at FSU 11
answers to the research questions did not need full-on interviews to get the results needed
as the more answers we got the better our sample size was related to our population.
The population for this project was undergraduate students currently attending FSU.
The sample taken was the 89 valid respondents who both confirmed that they are currently
In order to guarantee that the responses were valid, FSU specific online resources
were used to recruit. These resources included FSU Class Facebook Pages, the FSU Reddit
community, and FSU club chat-rooms in places such as Discord and GroupMe. In addition to
these, the researchers personally contacted friends via social media and text and asked
them to take the survey. The researchers used these methods to both contact large
numbers of people, and to have a higher chance of them being FSU undergraduates.
Analysis
Based on our data analysis, 51 of our survey respondents were female and 38 were
male. Almost everyone who responded was between 17-25. Only two people were between
26-30. Every one of the 89 accepted survey responses are undergraduate students. Most of
the respondents were upperclassmen, with only 2 freshmen and 14 sophomores responding
as opposed to the 23 juniors and 50 seniors.
The first data collection question from the qualtrics survey does point to a majority
of the FSU Undergraduates knowing what a phishing scam is with the shown results below:
Proactively Preventing Potential Phishing at FSU 12
While this data alone can judge whether or not the FSU undergraduates know what
a phishing scam is, the surveyees were also questioned with the open question of how they
would define a phishing scam. While many respondents’ answers ranged differently the
most commonly brought up topic in answers to the open-ended question was “personal
information being stolen”. This falls in line with the first question’s responses in where
surveyees mostly had a general knowledge of what a phishing scam was. The surveyees
were also asked “Where have you learned about phishing scams before taking this survey”
to further flesh out a majority of the yeses from the first question. The results were pretty
majority self-learned but the other categories were also not too low themselves:
Proactively Preventing Potential Phishing at FSU 13
The last related survey question to the first research question asks the surveyees:
“What information do you believe is stolen when someone falls for a phishing scam?”. With
this being another open-ended question the results are varied but many of them mention
personal info again with the mention of credit cards, passwords, and SSNs being in the
majority..
RQ 2: How often are FSU undergraduate students online outside of school, potentially
The first few survey questions related to this research question are on the topics of
which personal email they used, which internet browser they used, and how often they
checked their personal email. A majority of the respondents answered how often they check
their email was 1-3 times a day and the least was 1-3 a month. The majority for which
internet browser was used was Google Chrome with the least used being Microsoft Edge or
any other non-listed browser. Lastly, the majority of which non-school email provider they
Proactively Preventing Potential Phishing at FSU 14
used was Gmail with the least popular being AOL or other non-listed options. With these
answers in mind, it is good to know if the respondents are using the most up to date
browser and email providers over other less secure ones. With the amount of time spent
checking their email, it signifies how often they may be exposing themselves to possible
phishing scams and emails. The last question related to this research question was how
often the undergrads used the internet outside of school activities. The data showed that a
high majority of the respondents used the internet over 5 times a day:
With this now in mind, this shows that many of the undergrads are online a majority
of their outside of school time that could greatly increase their exposure to potential
RQ 3: What steps are FSU undergraduate students taking to protect themselves from
phishing scams?
The first survey questions related to the research question deal with asking the
surveyees if they check their email spam folder, if they have an ad-blocker for their browser,
Proactively Preventing Potential Phishing at FSU 15
and if they have an anti-virus. The large majority of the respondents did not check their
email spam folder, the large majority did have an ad-block extension for their browser, and
the amount of people who owned an antivirus was actually very close with the ‘yes’
The next related question asked the surveyees what they should do if they were to
click on a phishing scam link. Being an open-ended question, the results varied, but a lot of
the respondents did not know what they would do if they were to have fallen for one. A
majority of the respondents also said to “close out” of the link with a few of the
respondents mentioning to scan the computer with an antivirus or to report the email. Two
additional related survey questions had to do with a scale rating from 0 to 10 on how the
surveyees thought an antivirus did protect against phishing scams and how much global
effort was being put into expanding and spreading the knowledge of phishing scams. For
both questions, a high majority of the respondents had answered between 0-4 showing a
high lack of safety from an antivirus against phishing scams and the global effort being put
forward to spread awareness. Lastly, the surveyees were asked how many times they had
Proactively Preventing Potential Phishing at FSU 16
fallen for a phishing scam before. A high majority of the respondents had answered “never”
but there were still a good number of them that had fallen for some. A few over three
times:
Discussion
As observed in the analysis on this research question asking if people knew what a
phishing scam was, most of the people who chose to participate in this survey were found
to have at least a basic knowledge on what they are. Multiple points can be drawn from this
statement alone. Firstly, it shows, according to the sample, most young people possess at
least a minimal knowledge on internet security and basic cybersecurity as a whole. The
significance of this finding shows that most people have a solid concept on technology use
and can reliably know how to safely interact with it when it comes to online interactions.
Elaborating on this previous question, the survey respondents were asked to flesh
out and define what a phishing scam is in their own words. As stated in the analysis, most
responses relate to the loss of personal information. This shows that not only do a majority
Proactively Preventing Potential Phishing at FSU 17
of the FSU undergraduates know what a phishing scam is but also that they mainly
understand just what is at stake with phishing scams and attacks. The spread of information
on what the consequences may look like for such an attack have shown to be considered
The next survey question aligning with this research question asks about where they
learned about phishing scams. Most people showed that they were self-taught, but some
had also learned from other sources such as their job or the school or from elsewhere as
indicated by the “Other” option in the respective bar graph as found in the analysis. This
means that if most people do not learn about phishing from a young age, there are still
opportunities for people afterwards to be educated on this serious matter. The significance
of this stems a couple of ways. Firstly, it shows that previous efforts with the goal of
teaching and informing people about internet safety have proven to show some success. It
shows these programs should continue to operate while also making sure to reach and
influence those who might otherwise be overlooked as indicated by those who were not
aware of what a phishing scam was. Significance can also be found in how FSU is shown to
be making efforts to teach its students the importance of phishing and cybersecurity as a
whole when other institutions may not. As the study’s surveyees were FSU undergraduates,
it shows FSU provides opportunities for students to learn about these topics when they may
The last survey question in relation to this research question asks what people think
are stolen as a result of a phishing scam. Paralleling the second question in this discussion,
most people identified the loss of personal information such as credit card information or a
social security number. Again, it shows most people are wary of what consequences they
could face if they are the victim of one of these scams. The significance of this is seen in how
Proactively Preventing Potential Phishing at FSU 18
people are aware of bad outcomes in their involvement of something. This translates into
other realms of life, be it an adventurous yet dangerous activity or a seedy activity they
RQ 2: How often are FSU undergraduate students online outside of school, potentially
With most of our respondents checking their email at least once a day, usually
multiple times, we can healthily assume that there is some regular risk involved. When a
respondent checks their email, there is a chance that they will come across a phishing link.
With that being said, people who check their emails more often than not are probably more
tech-savvy, reducing the chance that they may fall for a phishing scam. The vast majority of
our respondents use Google’s Gmail service as their choice of email provider. Like most
modern email services, Gmail has a powerful spam filter that should catch most fraudulent
emails. Similarly, a very large amount of respondents use Google Chrome as their preferred
browser choice, with Apple’s Safari trailing behind as a faraway second option. This is a
positive trend, as research done by the University of Gujrat shows that “Google Chrome
provides best security against phishing than other web browsers.” (Ashraf et al., 2013).
While the tools Chrome provides are not flawless, they are better than having no tools at all.
Finally, with well over half of the respondents using the internet recreationally over 5 times
a day, it seems like FSU’s undergraduate students are putting themselves in potentially risky
situations often. While their use of the internet is not in itself harmful, it is easier to
encounter an attack if you are in that environment more often than not. This information is
significant to the study because it shows that FSU undergraduate students are online very
frequently outside of school, which as stated before, can lead to increased exposure.
Proactively Preventing Potential Phishing at FSU 19
RQ 3: What steps are FSU undergraduate students taking to protect themselves from
phishing scams?
The first three survey questions relating to this research question, questions ten,
twelve, and fifteen, were bundled together in the analysis and asked respectively if the
respondent checked the spam filter on their email, used an ad-blocker, and used an anti-
virus. As found, most people did not check their spam filter, most used an ad-blocker, and a
nearly even split was found for the use of an anti-virus, with slightly more people opting not
to use one. There are some interesting interpretations that come out of this. These results
show that most people will take at least minimal protection against potential scams by
utilizing an ad-blocker and eliminating engagement with potential scam-mail that end up in
their spam filter. However, the interaction with the spam filter has a caveat in that people
that do not check their spam filter run the risk of allowing scam email addresses from going
undetected and unreported, thus letting its respective scammer continue their dirty work.
Also, the findings show that some people believe they are safe as they are and do not need
the additional protection of an anti-virus. The significance of this reflects the attitude of
some people who believe that their actions and doings are justified and fine until they
themselves are affected in which it may then be too late to resolve anything. This attitude
can be paralleled to the current global epidemic so prevalent this past year, with some not
taking the proper attitude and precautions because they only feel safe and do not actually
The next survey question asked what one were to do if they hypothetically fell for a
phishing scam by clicking a link. The responses for this question varied and demonstrated
the broad spectrum of the respondents. Aside from those who said they had no idea, some
Proactively Preventing Potential Phishing at FSU 20
said they would merely close the link, while others took it a step further and said they would
scan their computer with an anti-virus or even report the email the link came from. This
signifies a few things. Firstly, it shows there are some who do what to do assuming the
worst happens. These respondents acknowledge that they are not perfect and that they
must rely on what they can to best resolve the issue. In addition, there are those who either
did not know what they would do or thought it could be resolved with a simple and easy
answer. The significance here is that some respondents could potentially be deceiving
themselves about what they do and do not know about cybersecurity. Also, it reflects the
nature seen in some to want to distance themselves from technology when faced with
brought on how such issues are not as intimidating as they seem and that it is not the end of
The next two survey questions related to this research question were combined in
the analysis, asking respectively to rate from 0-10, with 0 being low and 10 being high, how
much they trusted an anti-virus and on the same scale how well they thought awareness
and information of phishing scams was being spread. Most respondents rated both of these
questions anywhere from 0 to 4. This shows people both do not have high trust for anti-
viruses and they do not think the information about these scams is being spread enough.
Comparing the latter survey to a previous survey question about where they heard about
phishing scams, the results seem to positively correlate with each other, with most people
having been self-taught about this matter. One significant note to pull from these results is
found in the respondents’ general distrust of an anti-virus. This could stem either from some
respondents’ knowledge that an anti-virus cannot protect one from all the malicious scams
that are out there, or for some, it could be an overall lack of knowledge about an anti-virus,
Proactively Preventing Potential Phishing at FSU 21
thereby making those people distrust it. Another significant factor is how generally
pessimistic people are about the spread of information on phishing. With some efforts going
about to help people become aware of such issues, it seems they did not reach as far as
such campaigns were hoping according to these respondents. Therefore, it shows that more
effort and resources should be pumped in to make more people aware of this pressing
issue.
The last survey question relating to this research question asked if the respondents
have ever knowingly fallen for a phishing scam. Thankfully, most people say they never
have. However, there were some saying they had once before, or even for some a few
times. Overall, this shows phishing scams have not been super impactful on FSU
undergraduates nor have they been as prevalent among them. The significance of this is
seen in how these people acknowledge the high risk involved in dealing with these scams,
yet they mostly feel safe in that they have so far not been affected.
Limitations/Future Study
The main limitations encountered in this project were a lack of respondents, a lack of
variety in respondents, and a lack of effort on the respondents part. While the initial
assumption was that we had 113 responses, the researchers quickly realized that that
undergraduates, and others only completed a few of the survey questions. Another issue is
that we received large numbers of respondents from only a few sources, such as the
students in LIS3201. This made our results less general, and maybe a less accurate picture of
the average FSU undergrad. If a future study were to occur, a much larger sample size and a
more diverse sample pool would be ideal. In addition, it would help if more complete
Proactively Preventing Potential Phishing at FSU 22
answers and higher levels of effort overall were put into the short answer questions than
what we received.
Conclusion
Based on the data collected, most FSU undergraduate students are aware of
phishing to varying degrees, but can still fall for phishing scams at a decent rate. With the
fact that almost every valid respondent uses the internet for recreational purposes at least
once a day, a good portion of the respondents have not taken full preventative measures
such as installing an adblocker, using antivirus software, and monitoring spam emails.
Another notable statistic is that less than 20% of respondents learned about phishing
through official university channels. After analyzing and discussing the collected data, the
researchers would make a final recommendation of increased action from both FSU
undergraduate students and the institution itself. FSU undergraduate students would
benefit greatly from utilizing preventative resources to steer them away from potential
phishing attacks, such as FSU’s Spam and Virus Email Filtering service. FSU itself might
consider expanding phishing education initiatives and “staging real-world phishing attacks”
like many companies have done (Musuva et al., 2019). Through making changes such as
these, and by continuing to responsibly utilize technology during a time in which online
learning is more prevalent than ever before, both students and the institution can feel safer,
more secure, and keep themselves away from cyberattacks. Ultimately, while both the
university and its undergraduate students have work to do, a promising start has been made
Reflections
Proactively Preventing Potential Phishing at FSU 23
Christopher Link: Throughout the duration of the semester, I have learned how the research
process builds upon itself to create a cohesive final project. Each week had us increase the
scale of our work, going from picking the team name to creating this humongous document.
I’d say the biggest challenge that I faced was that the work was entirely online. Not being
able to meet up with the group in person was difficult for my workflow; because I function
best when I have a group of people all bouncing ideas off each other and keep each other in
focus. Combine the online with my growing academic burnout, and you have a pretty sizable
motivation problem to overcome. Luckily, the group all participated, got along, and
communicated well. The biggest blessing was that everyone would come together and work
harder when a group member had an off week. Another challenge that I faced was that it
felt like we had an endless deluge of work. Even as I write this, I’m staring at nine pages
above me that need to be completed in less than five days. I have no research experience
outside of this class, so I’m not sure whether the workload accurately reflects the real-world
research experience, but if it does, I’m so sorry. Learning about just how much work is
involved in even a relatively small research progress like ours was very enlightening, and it
gave me much more respect for career researchers. Ultimately, this semester of research
gave me a new perspective on how the research process works, and how important it is to
Jacob Carleton: This class was my first time dealing with a research project of this level. I got
to improve on many skills throughout the semester due to working on assignments step by
step, then at the end putting them all together to finish our research project. I definitely
noticed an improvement in the way I think about different questions, for example between
open ended questions and closed ended questions. I know myself and the majority of my
Proactively Preventing Potential Phishing at FSU 24
classmates will agree that the biggest challenge this semester has to be covid-19. This was
my first semester off at college and living on my own, so it was a big step up from my
previous 2 years at my local state college. Since we had to do all of our group work online
this created a few challenges by itself. Thankfully my group was very organized, and we used
our class time very well and always completed assignments early! I also did not have a single
teammate slack off or rely on someone else. I think at certain times during the semester the
workload for this class got overwhelming with multiple assignments due during the week on
top of my other 4 classes, other than that I think I learned a lot from this course and have a
better understanding on how to conduct research on topics of my interest. All in all, I think
people underestimate how covid-19 affects our mental health, since we are living in an
endless cycle of zoom classes and staying inside 24/7. At the end of the day I think this class
Jacob Barksdale: From this semester I have learned that data collection is a very thorough
process if done correctly. One of the largest achievements that myself and my group mates
have gone over, is that we were able to conduct a full research project together, over the
internet. Many people this semester have experienced a similar scenario but that is huge
because of the fact that we didn't even have to be there in person. The main challenge from
this course that i faced was understanding the data that was coming through. From class
meetings I was able to figure it out. Our group always came together and finished
assignments early without any slack. I have learned that anything can be done over Zoom or
Blackboard. This course will benefit everyone in the future since we all have an
It was really interesting to see how our research unveiled and built up throughout the
semester. This project really helped visualize what it takes for an assignment like this. One
issue we had for a little was the amount of recipients for the survey we received. Over time
that was corrected. This class did have many assignments however that took a lot of effort
from the entire team. Although there were many projects, we made it to the end and I am
happy to be writing on the final report. This team was the best group. This class will benefit
quickly get used to working as a team. Collaboration is a must in this field, since “going it
alone” is usually inefficient and difficult. The novelty in this class was collaboration across
Zoom and Discord for a class. That, and the piles of work that came with LIS 3201. Truth be
told, I’ve never taken a class quite like this one. In brief, I now have a newfound
appreciation for all those surveys you see plastered around campus. This stuff is hard. The
groundwork that goes into a research project has to be very thorough, as I learned in the
ample time between choosing our topic and even working on questions for the survey. I did
appreciate how most of the class was “on rails;” meaning that there were regular
checkpoints on our work to ensure we were keeping pace. At this point I’d like to
particularly acknowledge the work of both Chris Link and Grayson Martin. All members of
this project were involved, but these two guys were our field generals. They were the tip of
the spear, ensuring that things were up to the standard that was expected for the class.
With those two at the helm, we were able to weather the storm of discussions,
environmental scans, and RQ revisions. For most of us, myself included, this is our first
attempt at a research project of this scale, and it was quite the undertaking. I am grateful
Proactively Preventing Potential Phishing at FSU 26
that I had the opportunity to work on a project of this scale, and for the effort our team put
into it.
Grayson Martin: With this being my first real research class, it taught me quite a bit about
the fundamentals and necessities needed when doing extensive research on a specific topic.
It quickly got me back up to speed on how to work with APA referencing, how to use the
software Zotero, and even allowed me to get some experience and exposure on Qualtrics.
All of these gained and improved skills and knowledge will definitely help me down the line
with a potential job or career opportunity. The main challenges I faced during this class was
attempting to make sure every assignment was turned in on time. With the added pressure
of the group work almost every week, the solo assignments, mixed with other classwork,
was a lot of time management and making sure everything and everyone was satisfied for
the week. Thankfully, I was assigned to a great team and we were able to easily get a lot of
the assignments done before the weekend and we each did our part for it either speaking it
out to the group or typing it down on the pages. I did have quite a bit of trouble getting back
into APA referencing especially with the release of the 7th edition making me have to
readjust to how it used to be formatted. Thankfully though, I was able to get a better grasp
on it as the semester progressed and was able to use some outside resources to better
Joshua Petree: This is the first class that I have taken within the Information Technology
major that has involved heavy research and has impacted the way that I will now approach
projects. Although this is not the first class within my major that I have taken that has
involved a good amount of teamwork and coordination, this class has helped to emphasize
Proactively Preventing Potential Phishing at FSU 27
it and has taught me the values of such things and what they could look like in a workplace
environment. Interestingly enough, I believe this class more than any other has taught me
how important it is to have the format of a report down and how to properly deal with
citations within said reports. In turn, those factors were the cause of some of the challenges
that I would have to personally face in this class. For one, it is no easy task to be able to
create citations that are perfect and to a tee, yet that was an expectation in this class. Being
an undoubtedly useful skill, it took time and effort to try to perfect these citations to the
would be learning how to utilize new things for this class. A prime example of this would be
the implementation of the citation-software Zotero, which neither me nor anyone else in
my group seemed to have prior experience in. However, with dedication and effort, we
came around and figured it out. Overall, this class has taught me how to overcome
seemingly hard obstacles, and it is a breath of fresh air to be able to come out on the other
1 paragraph stating what you learned, what challenges and issues you faced, how you
handled and managed them, etc. Minimum of 250 words per person.
Proactively Preventing Potential Phishing at FSU 28
References
https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-
information/phishing
Ashraf, I., Mazher, N., & Altaf, A. (2013, December 14). Which web browser work best
Conference. https://doi.org/10.1109/ICICT.2013.6732784
Chen, R., Gaia, J., & Rao, H. R. (2020). An examination of the effect of recent phishing
https://doi.org/10.1016/j.dss.2020.113287
Das, A., Baki, S., El Aassal, A., Verma, R., & Dunbar, A. (2020). SoK: A comprehensive
org/10.1109/COMST.2019.2957750
Das, S., Kim, A., Tingle, Z., & Nippert-Eng, C. (2020). All about phishing exploring user
10. https://arxiv.org/abs/1908.05897
Fatima, R., Yasin, A., Liu, L., & Wang, J. (2019). How persuasive is a phishing email? A
phishing game for phishing awareness. Journal of Computer Security, 27(6), 581–
612. https://doi-org/10.3233/JCS-181253
Proactively Preventing Potential Phishing at FSU 29
Federal Trade Commission (May 2019). How to recognize and avoid phishing
scams. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-
scams
https://its.fsu.edu/ispo/training/phishing
Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate
https://doi.org/10.1080/07421222.2017.1334499
https://digitalcommons.kennesaw.edu/ajis/vol11/iss3/2/
Nguyen, C. (2018). Learning not to take the bait: an examination of training methods
Consent Form
In the table below, list what contributions each of the team members made to this
assignment.
Name Contribution
Criteria Rating
Abstract, Problem Statement, Significance, RQs: 11 points
Appropriate abstract, problem statement, significance, and RQs (4 pts), in-
text citations for all arguments (4 pts); revisions from research project report
(3 pts)
Environmental Scan: 10 points
Appropriate intro, subsections, and conclusion (3 pts), in-text citations for all
arguments (4 pts), revisions from research project report (3 pts)
Methods: 9 points
Finalized data collection method(s) (2pts), sampling technique(s) (2pts), and
recruitment process (2 pts), revisions from research project report (3 pts)
Analysis: 19 points
Sample description (2 pts); complete QUAL and QUAN findings for each
research question (8 pts); include data/stats/quotes, analysis, and relate
findings to RQ answers (6 pts), visualizations (3 pts)
Discussion: 18 points
Summarize findings for all RQs (3 pts), provide interpretations/discussions
for all RQs (12 pts), comparison/contrast with previous studies and citation
needed (3 pts)
Limitations/Future Studies: 6 points
Limitations (include generalizability issues discussion) (3 pts), future studies
(3 pts)
Conclusion: 5 points
Restate and highlight core findings (5 pts)
Reflection: 10 points (Individual)
Reflection by team members (10 pts each)
File Name, APA Style, Consent Form: 12 points
File name (1 pt), proper citations and references (8 pts), match between
reference list and citations, (2 pts), consent form (1 pt)