Vulnerability of students to phishing sttacks
DOI:
https://doi.org/10.61454/88z0zw71Keywords:
cybersecurity, data security, cyberattack, phishing, social engineering, electronic mailAbstract
The use of digital media by university students has increased their susceptibility to the exposure of their personal and academic information. This study aimed to determine the vulnerability of students at the Central University of Nicaragua during 2025 to phishing attacks via email and text messages. It also analyzed the potential association of these attacks with sociodemographic variables such as age, sex, academic year, and major using a quantitative correlational approach. The hypothesis was that a significant proportion of students would be vulnerable to phishing attacks (p=0.5), with associations to the aforementioned variables. The population consisted of 700 students from various majors. Using simple random sampling, with a 95% confidence level and a 5% margin of error, a sample of 249 students with email addresses registered in the institutional database was selected. Data were analyzed using frequencies, percentages, and confidence intervals. The chi-square test of independence was applied to determine associations; when the assumptions were not met, the Monte Carlo method and Fisher's exact test were used. 36.9% of students were found to be vulnerable, with a slightly higher proportion among women, and no significant associations with sociodemographic variables. Younger students and first-year students showed a higher number of cases of vulnerability. This highlights the need to implement cybersecurity awareness and training strategies, as well as to explore new variables that allow for a better understanding of the factors that influence susceptibility to phishing attacks.
Downloads
References
Abroshan, H., Devos, J., Poels, G., y Laermans, E. (2021). Phishing Happens Beyond Technology: The Effects of H investigan los comportamientos de las personas en líneas de riesgo y sugieren la urgente necesidad de educación, capacitación y conciencia en ciberseguridad en instituciones universitarias.uman Behaviors and Demographics on Each Step of a Phishing Process. IEEE Access, 9, 44928 - 44949. https://doi.org/10.1109/ACCESS.2021.3066383 DOI: https://doi.org/10.1109/ACCESS.2021.3066383
Aguilar-Ojeda, C. E., Hernández-Omaña, T. H., y Soto-Ortíz, S. I. (2024). Buenas prácticas de ciberseguridad en educación superior. South Florida Journal of Development, 5(12), e4879. https://doi.org/10.46932/sfjdv5n12-080 DOI: https://doi.org/10.46932/sfjdv5n12-080
Ahmead, M., Sharif, N. E., y Abuiram, I. (2024). Risky online behaviors and cybercrime awareness among undergraduate students at Al Quds University: a cross sectional study. Crime Science, 13(29). https://doi.org/10.1186/s40163-024-00230-w DOI: https://doi.org/10.1186/s40163-024-00230-w
Alqahtani, S., Nanda, P., y Mohanty, M. (2025). Strengthening Cybersecurity: The Influence of Student Behavior, Perceived Factors, and Mitigating Strategies on Phishing Attack Perception. Web Information Systems Engineering– WISE 2024 PhD Symposium, Demos and Workshops. WISE 2024. Springer: Singapore. https://doi.org/10.1007/978-981-96-1483-7_27 DOI: https://doi.org/10.1007/978-981-96-1483-7_27
Alsharif, M., Mishra, S., y AlShehri, M. (2022). Impact of Human Vulnerabilities on Cybersecurity. Computer Systems Science and Engineering, 40(3), 1153-1166. https://doi.org/10.32604/csse.2022.019938 DOI: https://doi.org/10.32604/csse.2022.019938
Armas, R., y Taherdoost, H. (2025). Building a Cybersecurity Culture in Higher Education: Proposing a Cybersecurity Awareness Paradigm. Information, 16(5), 336. https://doi.org/10.3390/info16050336 DOI: https://doi.org/10.3390/info16050336
Asiri, S., y Alzahrani, Y. X. (2024). Towards Improving Phishing Detection System Using Human in the Loop Deep Learning Model. ACMSE '24: Proceedings of the 2024 ACM Southeast Conference (pp. 77-85). New York: NY,USA. https://doi.org/10.1145/3603287.3651193 DOI: https://doi.org/10.1145/3603287.3651193
Blažič, A. J., y Blažič, B. J. (2024). Teaching and learning cybersecurity for European youth by applying interactive technology and smart education. Education and Information Technologies, 30, 9093-9120. https://doi.org/10.1007/s10639-024-13155-3 DOI: https://doi.org/10.1007/s10639-024-13155-3
Diaz, A., Sherman, A. T., y Joshi, A. (2020). Phishing in an academic community: A study of user susceptibility and behavior. Cryptologia, 44(1), 53-67. https://doi.org/10.1080/01611194.2019.1623343 DOI: https://doi.org/10.1080/01611194.2019.1623343
Du, J., Kalafut, A., y Schymik, G. (2024). The health belief model and phishing: determinants of preventative security behaviors. Journal of Cybersecurity, 10(Issue 1), tyae012. https://doi.org/10.1093/cybsec/tyae012 DOI: https://doi.org/10.1093/cybsec/tyae012
Dubovecka, K. (2024). Vulnerability of Students of Masaryk University to Two Different Types of Phishing. Applied Cybersecurity & Internet Governance (ACIG), 3(2), 268-285. https://doi.org/10.60097/ACIG/190268 DOI: https://doi.org/10.60097/ACIG/190268
Jiménez-Sánchez, V. G., Tipanluisa-Masabanda, R. I., y León-Espinoza, C. J. (2025). Ciberseguridad en la educación superior: evaluación y estrategias de formación. Technology Rain Journal, 4(2). https://doi.org/10.55204/trj.v4i1.e94 DOI: https://doi.org/10.55204/trj.v4i1.e94
Kavvadias, A., y Kotsilieris, T. (2025). Understanding the Role of Demographic and Psychological Factors in Users’ Susceptibility to Phishing Emails: A Review. Applied Sciences, 14(4), 2236. https://doi.org/10.3390/app15042236 DOI: https://doi.org/10.3390/app15042236
Kenneth, A., Hayashi, B. B., Lionardi, J., y Richie, S. (9 Agosto 2023). Phishing Attack Awareness Among College Students. 3rd International Conference on Electronic and Electrical Engineering and Intelligent System (ICE3IS). https://www.researchgate.net/publication/376442564_Phishing_Attack_Awareness_Among_College_Students DOI: https://doi.org/10.1109/ICE3IS59323.2023.10335412
Khadka, K., Ullah, A. B., y Marroquin, E. M. (2025). Unmasking persuasion in phishing: a content analysis of principles of persuasion in emails and subject lines. Information and Computer Security. https://doi.org/10.1108/ICS-12-2024-0321 DOI: https://doi.org/10.1108/ICS-12-2024-0321
Molina-Granja, F., Cabezas-Heredia, E., Castelo, L. E., y Guambo-Vallejo, D. C. (2025). Ciberataques y rendimiento académico en educación superior: efectos psicoeducativos y estrategias de mitigación en contextos digitales latinoamericanos. Tesla Revista Científica, 5(1), e497. https://doi.org/10.55204/trc.v5i1.e497 DOI: https://doi.org/10.55204/trc.v5i1.e497
Morrow, E. (2024). Scamming higher ed: An analysis of phishing content and trends. Computers in Human Behavior, 158, 108274. https://doi.org/10.1016/j.chb.2024.108274 DOI: https://doi.org/10.1016/j.chb.2024.108274
Okokpujie, K., Kennedy, C. G., Nnodu, K., y Noma-Osaghae, E. (2023). Cybersecurity Awareness: Investigating Students’ Susceptibility to Phishing Attacks for Sustainable Safe Email Usage in Academic Environment (A Case Study of a Nigerian Leading University). International Journal of Sustainable Development and Planning, 18(1), 255-263. https://doi.org/10.18280/ijsdp.180127 DOI: https://doi.org/10.18280/ijsdp.180127
Rama, P., Marx, B., y Smith, R. (2025). Cybersecurity awareness among accounting students at a South African public university. South African Journal of Information Management, 27(1), a1948. https://doi.org/10.4102/sajim.v27i1.1948 DOI: https://doi.org/10.4102/sajim.v27i1.1948
Yoro, R. E., Aghware, F. O., Akazue, M. I., Ibor, A. E., y Ojugo, A. A. (2023). Evidence of personality traits on phishing attack menace among selected university undergraduates in Nigerian. International Journal of Electrical and Computer Engi, 13(2), 1943-1953. https://doi.org/10.11591/ijece.v13i2.pp1943-1953 DOI: https://doi.org/10.11591/ijece.v13i2.pp1943-1953
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Espectro Investigativo Latinoamericano
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
