Level of Awareness and Susceptibility to Phishing Attacks Among Students of Quezon City University: A Stratified Survey Study
Article Sidebar
Main Article Content
Phishing attacks continue to pose serious cybersecurity risks in educational institutions as students increasingly rely on digital platforms for academic and personal activities. This study aimed to determine the level of phishing awareness and phishing susceptibility among students of Quezon City University, particularly comparing IT and non-IT students. Using a descriptive-comparative quantitative research design, data were collected from 397 students through a stratified survey conducted using online and printed questionnaires. Statistical tools such as frequency and percentage, weighted mean, independent samples t-test, and Pearson Product-Moment Correlation Coefficient were used to analyze the data. The findings revealed that students generally demonstrated a high level of phishing awareness but showed a moderate level of phishing susceptibility. Results also indicated a significant difference in phishing awareness between IT and non-IT students, with IT students exhibiting higher awareness levels. However, no significant difference was found in phishing susceptibility between the two groups. Furthermore, a significant moderate negative relationship was identified between phishing awareness and phishing susceptibility, indicating that higher awareness is associated with lower vulnerability to phishing attacks. The study concludes that although students possess adequate knowledge regarding phishing threats, awareness alone does not completely prevent risky online behavior. The findings may contribute to the development of targeted cybersecurity awareness programs and safer digital practices among university students.
Downloads
References
, Merjina A. Amin, Lina I. Ahaja, Armilyna A. Ahog, Raina T. Ladjahasan, Rima K. Jul, Nerhana J. Radjail, Benczar J. Sayadi, Aljimar J. Sarabi, & Dr. Shernahar K. Tahil. (2024). Understanding the Impact of Phishing Attacks on Organizational Security and Trust. International Journal For Multidisciplinary Research, 6(6). https://doi.org/10.36948/ijfmr.2024.v06i06.34230
Abufardeh, S., & Falah, B. (2023). The State of Phishing Attacks and Countermeasures. Sameer Abufardeh & Bouchaib Falah International Journal of Computer Science & Security (IJCSS), (17), 54. https://www.cscjournals.org/manuscript//Journals/IJCSS/Volume17/Issue4/IJCSS-1702.pdf
Adeshola, I., & Oluwajana, D. I. (2025). Assessing cybersecurity awareness among university students: implications for educational interventions. Journal of Computers in Education, 12(4), 1283–1305. https://doi.org/10.1007/s40692-024-00346-7
Al Zaidy, A. (2025). Measuring Cybersecurity Awareness of Students: a Study of State College Students. Journal of Information Technology, Cybersecurity, and Artificial Intelligence, 2(3), 17–40. https://doi.org/10.70715/jitcai.2025.v2.i3.030
Alabab, B., Cubol, J., Pascual, M. A., Ubaldo, E., Sario, D. R., & Velasco, M. (2024). Cybersecurity Awareness of College Students in a Private Higher Education Institution. CGCI International Journal of Administration, Management, Education and Technology, 1(1), 51–57. https://doi.org/10.70059/1zw7x826
Aliyu, M., Bagarawa, M. U., Mu’azu, A. N., & Umar, M. T. (2023). Understanding phishing awareness among students in tertiary institutions and setting-up defensive mechanisms against the attackers. Caliphate Journal of Science and Technology, 5(1), 22–31. https://doi.org/10.4314/cajost.v5i1.4
Aljeaid, D., Alzhrani, A., Alrougi, M., & Almalki, O. (2020). Assessment of End-User Susceptibility to Cybersecurity Threats in Saudi Arabia by Simulating Phishing Attacks. Information, 11(12), 547. https://doi.org/10.3390/info11120547
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science, 3. https://doi.org/10.3389/fcomp.2021.563060
Alqahtani, S., Nanda, P., & Mohanty, M. (2025). Strengthening Cybersecurity: The Influence of Student Behavior, Perceived Factors, and Mitigating Strategies on Phishing Attack Perception (pp. 313–329). https://doi.org/10.1007/978-981-96-1483-7_27
Auton, J. C., & Sturman, D. (2025). Persuasion under pressure: the influence of persuasion principles and time constraints on phishing email susceptibility. Information & Computer Security, 33(5), 845–859. https://doi.org/10.1108/ICS-07-2024-0163
Azzeh, M., Mousa Altamimi, A., Albashayreh, M., & AL-Oudat, M. A. (2022). Adopting the cybersecurity concepts into curriculum: the potential effects on students’ cybersecurity knowledge. Indonesian Journal of Electrical Engineering and Computer Science, 25(3), 1749. https://doi.org/10.11591/ijeecs.v25.i3.pp1749-1758
Bhavsar, V., Kadlak, A., & Sharma, S. (2018). Study on Phishing Attacks. International Journal of Computer Applications, 182(33), 975–8887. www.ijcaonline.org
Broadhurst, R., Skinner, K., Sifniotis, N., Matamoros-Macias, B., & Ipsen, Y. (2019). Phishing and Cybercrime Risks in a University Student Community. The International Journal of Cybersecurity Intelligence and Cybercrime, 2(1), 4–23. https://doi.org/10.52306/02010219RZEX445
Casagrande, M., Conti, M., Fedeli, M., & Losiouk, E. (2023). Alpha Phi-shing Fraternity: Phishing Assessment in a Higher Education Institution. Journal of Cybersecurity Education Research and Practice, 2022(2). https://doi.org/10.32727/8.2023.1
De Ramos, N. M., & Esponilla II, F. D. (2022). Cybersecurity program for Philippine higher education institutions: A multiple-case study. International Journal of Evaluation and Research in Education (IJERE), 11(3), 1198. https://doi.org/10.11591/ijere.v11i3.22863
Desolda, G., Ferro, L. S., Marrella, A., Catarci, T., & Costabile, M. F. (2022). Human Factors in Phishing Attacks: A Systematic Literature Review. ACM Computing Surveys, 54(8), 1–35. https://doi.org/10.1145/3469886
Diaz, A., Sherman, A. T., & Joshi, A. (2020). Phishing in an academic community: A study of user susceptibility and behavior. Cryptologia, 44(1), 53–67. https://doi.org/10.1080/01611194.2019.1623343
Gan, C. L., Lee, Y. Y., & Liew, T. W. (2024). Fishing for phishy messages: predicting phishing susceptibility through the lens of cyber-routine activities theory and heuristic-systematic model. Humanities and Social Sciences Communications, 11(1), 1552. https://doi.org/10.1057/s41599-024-04083-1
Gwenhure, A. K. (2025). University students’ security behavior against email phishing attacks: insights from the health belief model. Journal of Cybersecurity, 11(1). https://doi.org/10.1093/cybsec/tyaf034
Hakim, Z. M., Ebner, N. C., Oliveira, D. S., Getz, S. J., Levin, B. E., Lin, T., Lloyd, K., Lai, V. T., Grilli, M. D., & Wilson, R. C. (2021). The Phishing Email Suspicion Test (PEST) a lab-based task for evaluating the cognitive mechanisms of phishing detection. Behavior Research Methods, 53(3), 1342–1352. https://doi.org/10.3758/s13428-020-01495-0
Han, M., Zhao, H., Ma, X., & Shi, R. (2025). Influencing factors of information security behavior among college students based on protection motivation theory: evidence from China. Frontiers in Public Health, 13. https://doi.org/10.3389/fpubh.2025.1677024
Ismail, N. N. S., Fammy Rikzan, F. I., Katuk, N., Hashim, N. L., & Mohd Zulkefli, N. A. (2023). ENHANCING INFORMATION SECURITY AWARENESS ON PHISHING AMONG IT STUDENTS: A PILOT TEST CASE STUDY AT POLITEKNIK TUANKU SYED SIRAJUDDIN. Journal of Digital System Development, 1, 12–23. https://doi.org/10.32890/jdsd2023.1.2
Jampen, D., Gür, G., Sutter, T., & Tellenbach, B. (2020). Don’t click: towards an effective anti-phishing training. A comparative literature review. Human-Centric Computing and Information Sciences, 10(1), 33. https://doi.org/10.1186/s13673-020-00237-7
Kuraku, S., Kalla, D., Smith, N., & Samaah, F. (2023). Exploring How User Behavior Shapes Cybersecurity Awareness in the Face of Phishing Attacks. International Journal of Computer Trends and Technology, 71, 74–79. https://doi.org/10.14445/22312803/IJCTT-V71I11P111
Lee, Y. Y., Gan, C. L., & Liew, T. W. (2023). Susceptibility to instant messaging phishing attacks: does systematic information processing differ between genders? Crime Prevention and Community Safety, 25(2), 179–203. https://doi.org/10.1057/s41300-023-00176-2
Le-Nye, E. N. M., Yaacoub, C., & Possik, J. (2024). Evaluating Phishing Awareness Strategies: A Comparative Study of Education-based approaches and Game-based learning. Procedia Computer Science, 251, 666–671. https://doi.org/10.1016/j.procs.2024.11.166
Lin, T., Capecci, D. E., Ellis, D. M., Rocha, H. A., Dommaraju, S., Oliveira, D. S., & Ebner, N. C. (2019). Susceptibility to Spear-Phishing Emails. ACM Transactions on Computer-Human Interaction, 26(5), 1–28. https://doi.org/10.1145/3336141
Mouncey, E., & Ciobotaru, S. (2025). Phishing scams on social media: An evaluation of cyber awareness education on impact and effectiveness. Journal of Economic Criminology, 7, 100125. https://doi.org/10.1016/j.jeconc.2025.100125
Nasser, G., Morrison, B. W., Bayl-Smith, P., Taib, R., Gayed, M., & Wiggins, M. W. (2020). The Role of Cue Utilization and Cognitive Load in the Recognition of Phishing Emails. Frontiers in Big Data, 3. https://doi.org/10.3389/fdata.2020.546860
Okokpujie, K., Ariyo, M. A., Moninuola, F. S., Akanle, M. B., & Okokpujie, I. P. (2025). Evaluating Students’ Vulnerability and Awareness to Phishing Attacks in Educational Institutions. International Journal of Safety and Security Engineering, 15(3), 621–630. https://doi.org/10.18280/ijsse.150320
Omorog, C. D., & Medina, R. P. (2020). Internet Security Awareness of Filipinos: A Survey Paper. https://doi.org/10.25147/ijcsr.2017.001.1.18
Romel, M., Florendo, B. B., Jacob, M., Ranit, B., Jnel, M. E., Filamor, M., Marinella, M., & Armeza, J. I. (2025). Examining Cybersecurity Awareness Among College Students Across Various Year Levels in the Province of Laguna. www.ijfmr.com
Ruzaili, H., Katuk, N., Zaini, K., & Abdullah, W. (2026). PHISHING AWARENESS AND PREVENTIVE MEASURES AMONG UNIVERSITY STUDENTS: KNOWLEDGE, BEHAVIORS, AND VICTIMISATION PERSPECTIVES. Millenium: Journal of Education, Technologies, and Health, 2026(29). https://doi.org/10.29352/mill0229.43489
Siedlecki, S. L. (2020). Understanding Descriptive Research Designs and Methods. Clinical Nurse Specialist, 34(1), 8–12. https://doi.org/10.1097/NUR.0000000000000493
Slater, P., & Hasson, F. (2025). Quantitative Research Designs, Hierarchy of Evidence and Validity. Journal of Psychiatric and Mental Health Nursing, 32(3), 656–660. https://doi.org/10.1111/jpm.13135
Sturman, D., Bell, E. A., Auton, J. C., Breakey, G. R., & Wiggins, M. W. (2024). The roles of phishing knowledge, cue utilization, and decision styles in phishing email detection. Applied Ergonomics, 119, 104309. https://doi.org/10.1016/j.apergo.2024.104309
Tanti, R. (2024). Study of Phishing Attack and their Prevention Techniques. INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT, 08(10), 1–8. https://doi.org/10.55041/IJSREM38042
Vivien A. Agustin, Joseph Darwin C. Co, Raymund M. Dioses, Criselle J. Centeno, Angeli Joy M. Farol, & Patricia Jenel P. Marcelo. (2024). Unveiling shadows: A gamified approach to raise awareness and combat phishing tactics. World Journal of Advanced Research and Reviews, 24(2), 2077–2084. https://doi.org/10.30574/wjarr.2024.24.2.3453
William Vortia. (2025). Modelling cybersecurity awareness, perceived threats and secure online behavioral intentions among Ghanaian university students: A PLS-SEM Approach. Magna Scientia Advanced Research and Reviews, 14(2), 096–111. https://doi.org/10.30574/msarr.2025.14.2.0094
Yin, D., Mullarkey, M., de Vreede, G.-J., & Limayem, M. (2025). Learning by Phishing via Post-Simulation Feedback: From Embedded to Non-Embedded Training. MIS Quarterly, 1–17. https://doi.org/10.25300/MISQ/2025/19354
This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in our journal are licensed under CC-BY 4.0, which permits authors to retain copyright of their work. This license allows for unrestricted use, sharing, and reproduction of the articles, provided that proper credit is given to the original authors and the source.