Background: Phishing is a deceptive tactic in which an attacker impersonates a trusted entity to steal sensitive information from Internet users. This creates significant risks for university end-users who depend on computer networks, underscoring the critical need for enhanced phishing awareness.

Objectives: This study aims to develop a phishing awareness framework among the University of Technology users and, in so doing, help reduce the number of phishing attacks.

Method: A qualitative method based on a case study was adopted. Data were collected from students, academics and technical staff in the information technology (IT) department with ethical considerations in mind. Data were analysed using thematic analysis with the Technology Threats Avoidance Theory as the theoretical lens for the study.

Results: The findings showed many phishing attacks and victims at the university. Furthermore, phishers use different techniques in phishing attacks, and IT users need constant reminders about the danger of phishing attacks. Lastly, it is important to educate users about phishing attacks.

Conclusion: The study recommended a framework for educating users about phishing attacks within the university. The framework included four elements: the frequencies of phishing attacks, strategies of phishing attacks, awareness of phishing attacks, and the nature of a phishing attack programme.

Contribution: This study has the potential to help protect university data and could reduce downtime on the university’s computer network by reducing the number of cyber-attacks. The outcome can also address the online behaviour of end-users to reduce the number of phishing attack victims on the Internet.

Subscribe to our newsletter

Get specific, domain-collection newsletters detailing the latest CPD courses, scholarly research and call-for-papers in your field.

South African Journal of Information Management    |    ISSN: 2078-1865 (PRINT)    |    ISSN: 1560-683X (ONLINE)