Phishing

  • Article type: Journal Article
    Cybersecurity is crucial at present because cyber threats (e.g., phishing) have become a very common occurrence in everyday life. A literature review showed that there are no studies based on cybersecurity awareness which involved a large number of Thai users. Thus, this research focused on the cybersecurity awareness of approximately 20,000 nationwide employees in a large financial institution in Thailand. The study consisted of three phases, a first phishing attack, knowledge transfer through a mixed-approach and a second phishing attack with different content. After data validation and analysis of the results, it was found that the level of cybersecurity awareness of employees improved significantly. The number of employees who opened the phishing email decreased by 71.5%. Therefore, this approach could be applied to cybersecurity enhancement in other organizations and other sectors/industries. Also, it was found that gender played a significant role in cybersecurity awareness within the Thai cybersecurity ecosystem since Thai female employees were found to have a higher level of cybersecurity awareness than male employees. Furthermore, it was found that the different generations of Thai employees (Generations Y and X and Baby Boomers) did not affect cybersecurity awareness.

  • Article type: Journal Article
    Phishing is a cybercrime in which the attackers usually impersonate a trusted source. The attackers usually send an email that contains a link that allows them to steal the receiver's personal information. In the United States, phishing is the number one cybercrime by victim count according to the Federal Bureau of Investigation's 2019 internet crime report. Several studies investigated ways to increase awareness and improve employees' resistance to phishing attacks. However, in 2019, successful phishing attacks continued to rise at a high rate.
    The objective of this study was to investigate the influence of personality-based antecedents on phishing susceptibility in a health care context.
    Survey data were collected from participants through Amazon Mechanical Turk to test a proposed conceptual model using structural equation modeling.
    A total of 200 participants took part. Health concerns, disposition to trust, and risk-taking propensity yielded higher phishing susceptibility. This highlights the importance of personality-based factors in phishing attacks. In addition, females had a higher phishing susceptibility than male participants.
    While previous studies used health concerns as a motivator for contexts such as sharing personal health records with providers, this study shed light on the danger of higher health concerns in enabling the number one cybercrime.

  • Article type: Journal Article
    Success of phishing attacks depends on effective exploitation of human weaknesses. This research explores a largely ignored, but crucial aspect of phishing: the adversarial behavior. We aim at understanding human behaviors and strategies that adversaries use, and how these may determine the end-user response to phishing emails. We accomplish this through a novel experiment paradigm involving two phases. In the adversarial phase, 105 participants played the role of a phishing adversary and were incentivized to produce multiple phishing emails that would evade detection and persuade end-users to respond. In the end-user phase, 340 participants performed an email management task, where they examined and classified phishing emails generated by participants in phase one along with benign emails. Participants in the adversary role self-reported the strategies they employed in each email they created, and responded to a test of individual creativity. Data from both phases of the study was combined and analyzed to measure the effect of adversarial behaviors on end-user response to phishing emails. We found that participants who persistently used specific attack strategies (e.g., sending notifications, use of authoritative tone, or expressing shared interest) in all their attempts were overall more successful, compared to others who explored different strategies in each attempt. We also found that strategies largely determined whether an end-user was more likely to respond to an email immediately, or delete it. Individual creativity was not a reliable predictor of adversarial performance, but it was a predictor of an adversary's ability to evade detection. In summary, the phishing example provided initially, the strategies used, and the participants' persistence with some of the strategies led to higher performance in persuading end-users to respond to phishing emails. These insights may be used to inform tools and training procedures to detect phishing strategies in emails.