Peer-Review Record

Assessment of End-User Susceptibility to Cybersecurity Threats in Saudi Arabia by Simulating Phishing Attacks

Information 2020, 11(12), 547; https://doi.org/10.3390/info11120547
by Dania Aljeaid *, Amal Alzhrani, Mona Alrougi and Oroob Almalki
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 8 October 2020 / Revised: 20 November 2020 / Accepted: 23 November 2020 / Published: 25 November 2020
(This article belongs to the Special Issue Privacy Protection on Social Network Data)

Round 1

Reviewer 1 Report

This study focuses on evaluating the level of cybersecurity knowledge and cyber awareness in Saudi Arabia. It is aimed at assessing end-user susceptibility through three phishing attack simulations. Furthermore, they elaborate on some of the concepts related to phishing attacks and review the steps required to launch such attacks. However, they do not consider any machine learning-based analysis, although many works have been done in these areas. For your references, you can consider the machine learning based techniques.

Cybersecurity Data Science: An Overview from Machine Learning Perspective, Journal of Big Data, UK, Springer.
A new hybrid ensemble feature selection framework for machine learning-based phishing detection system, Information Sciences, Elsevier.
Machine learning based phishing detection from URLs, Expert Systems with Applications, Elsevier

So on ....

Although they mentioned designing and developing a machine-learning-based algorithm in the future, an analysis with machine learning can improve the paper.

A Discussion section summarizing their findings might be helpful.

Author Response

 

Dear Reviewer,

Thank you for the thoughtful and rigorous reviews. We have highlighted the improvements according to each reviewer comment in the attached file, and we believe the changes have improved the clarity of the manuscript. We hope our work addresses all of the points raised, and look forward to your response to our revision.

Kind regards,

 

Author Response File: Author Response.docx

Reviewer 2 Report

The methodology and the structure of the paper are very good. The case presented is studied in depth and could be an interesting read for technicians and researchers.

 

Author Response

Dear Reviewer,

Thank you for the thoughtful and rigorous reviews. We have highlighted the improvements according to each reviewer comment in the attached file, and we believe the changes have improved the clarity of the manuscript. We hope our work addresses all of the points raised, and look forward to your response to our revision.

Kind regards,

 

Author Response File: Author Response.docx

Reviewer 3 Report

The authors of this paper focused on phishing and studied people’s behavior using three different phishing attacks: cloning a popular website, using email phishing, and spreading a phishing message through social networks. They performed their experiments in Saudi Arabia and, as expected, due to the low awareness of the people, their attacks started with a lot of success, which decayed over time.

This is an interesting work that demonstrates a use case. However, there are some issues that I would like to raise with the authors.

The paper needs extensive proofreading. The last contribution is obviously broken due to last-minute editing.

Figures 1 and 2 are not readable and not needed. The text explanation is enough. 

The related work is nonexistent. The authors should provide information about the related literature as there is already a study about phishing emails in Saudi Arabia (Alseadoon, I., Chan, T., Foo, E., & Gonzalez Nieto, J. (2012). Who is more susceptible to phishing emails?: a Saudi Arabian study.)

Additionally, at the end of the literature review, the authors should compare and contrast their work with the literature through a table, highlighting their novelties.

When the authors formed a phishing domain they used combosquatting (Kintis, P., Miramirkhani, N., Lever, C., Chen, Y., Romero-Gómez, R., Pitropakis, N., ... & Antonakakis, M. (2017, October). Hiding in plain sight: A longitudinal study of combosquatting abuse. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 569-586).)

Figures 3 and 4 should be placed next to each other

As their technique aims at increasing the awareness of people, the attacks should be launched twice to the same people, to show the results of this process and how they react to similar threats.

The security evaluation section does not offer any real evaluation. It should be renamed to the discussion of results.

The future work that mentions the game which is aiming for increasing the cyber awareness already exists in the literature.

 

Author Response

Dear Reviewer,

Thank you for the thoughtful and rigorous reviews. We have highlighted the improvements according to each reviewer comment in the attached file, and we believe the changes have improved the clarity of the manuscript. We hope our work addresses all of the points raised, and look forward to your response to our revision.

Kind regards,

 

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

The authors need to answer each specific comment, mentioning how they addressed it in their paper. However, I found no answer to the previous comments.

Author Response

Dear Reviewer,

Please find attached the responses to your comments.

Kind regards,

Author Response File: Author Response.pdf

Reviewer 3 Report

The authors seem to have addressed every comment.

Author Response

Dear Reviewer,

Thank you for your prompt feedback. As for the language editing, we just want to point out that we did use the Elsevier Language Editing service before (the invoice is attached). Apparently, the service provided was not satisfactory. Instead, we will use the author services provided by MDPI once all the editing is approved.

Kind regards,

Author Response File: Author Response.pdf

Round 3

Reviewer 1 Report

Although the authors respond "That is why we added in the future works because we are planning to take courses and learn more how to use machine learning in cybersecurity. The article you mentioned above could help us as starting point to navigate our way to AI and machine learning.", however, this is not convincing. AI/ML is the latest technology to handle cybersecurity threats (ref paper is below). Need to highlight some of this according to this. The authors can highlight in the Discussion section/or others as well.

Cybersecurity Data Science: An Overview from Machine Learning Perspective, Journal of Big Data, UK, Springer

Machine learning-based phishing detection from URLs, Expert Systems with Applications, Elsevier

Author Response

Dear Reviewer,

Kindly find attached the file addressing your comments.

Kind regards,

 

Author Response File: Author Response.pdf
