University Student Vulnerability to Phishing in Digital Banking across Social Platforms

Mutia Salsanu Fitrah; Sri Ramadhani; Ahmad Syakir

doi:10.56209/jommerce.v5i2.166

Authors

Mutia Salsanu Fitrah Universitas Islam Negeri Sumatera Utara, Medan, Indonesia
Sri Ramadhani Universitas Islam Negeri Sumatera Utara, Medan, Indonesia
Ahmad Syakir Universitas Islam Negeri Sumatera Utara, Medan, Indonesia

DOI:

https://doi.org/10.56209/jommerce.v5i2.166

Keywords:

Phishing Banking, University Students, Digital Banking Services

Abstract

Human fallibility to phishing is not the byproduct of ignorance anymore, but the one kept alive by the very structure of digital existence. The aesthetic of deception finds a fertile ground in the repetitiveness of trust, the aesthetic of familiarity, and fluid choreography of the communication process that occurs via a platform. The current paper investigates the effect that can be observed in students of Indonesian universities who, due to their exposure to mobile banking and messaging culture, do not regard phishing as a perversion but as something that may appear to be reality. The research, which is based on in-depth interviews, baffles the conclusion that deception is not triumphing with tricky technical challenges rather with social engineering that hopscotches through interpersonal pathways, uses institutional jargon, and play with emotional instinct. Subjects were not blind to the danger. They are weak, instead, because of the same set of circumstances that conditions them to act quickly, to accept as true signals that are visually consistent, and to place the value of the urgent ahead of checking. This evidence means that the issue is not the absence of awareness but the weakness of awareness in the face of pressure. Therefore, there is a need to change the way the digital vulnerability is thought of. Security should not be a personal issue that creates a vacuum out of a context. Rather, it needs to be regarded as a social/infrastructural question, one that is informed by design, by platform logic, by the relational predilections by which we characterize our everyday digital practice.

References

Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2021). Phishing happens beyond technology: The effects of human behaviors and demographics on each step of a phishing process. IEEE Access, 9, 44928-44949. http://dx.doi.org/10.1109/ACCESS.2021.3066383

Agusthin, I. D., Nada, D. C., & Putri, N. A. (2024). Legal Protection of Customers from Phishing Crimes in Digital Banking Services in Indonesia. Deposition: Journal of Legal Science Publications, 2(4), 132-148. https://doi.org/10.59581/deposisi.v2i4.4214

Ahmed, S. (2004). Affective economies. Social text, 22(2), 117-139. http://dx.doi.org/10.1215/01642472-22-2_79-117

Akeiber, H. J. (2025). The Evolution of Social Engineering Attacks: A Cybersecurity Engineering Perspective. Al-Rafidain Journal of Engineering Sciences, 294-316. https://doi.org/10.61268/r9c49865

Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060. https://doi.org/10.3389/fcomp.2021.563060

Alwanain, M. I. (2020). Phishing awareness and elderly users in social media. International Journal of Computer Science and Network Security, 20(9), 114-119.

Anindyaa, T. D., Sasmitaa, G. M. A., & Pratama, I. P. A. E. (2024). Edukasi Bahaya Social Engineering Menggunakan Media Belajar Quizizz Untuk Meningkatkan Kesadaran Keamanan Informasi Nasabah Perbankan. Jitter: Jurnal Ilmiah Teknologi Dan Komputer, 4(3), 2056.

Arif, M. N. R. Al. (2010). Basics of Islamic Bank Marketing. Alfabeta.

Batubara, M. C. A., & Anggraini, T. (2022). Analisis pengaruh layanan digital terhadap minat generasi Z dalam menggunakan produk perbankan syariah. Jurnal Masharif Al-Syariah: Jurnal Ekonomi Dan Perbankan Syariah, 7(2), 706-725.

Bhaskaran, V. (2024). Designing for Trust: The Crucial Role in Digital User Experiences. Journal of User Experience, 19(2), 53-59.

Butavicius, M., Taib, R., & Han, S. J. (2022). Why people keep falling for phishing scams: The effects of time pressure and deception cues on the detection of phishing emails. Computers & Security, 123, 102937. http://dx.doi.org/10.1016/j.cose.2022.102937

Chemerinsky, A. (2021). Tears of Scrutiny. Tulsa L. Rev., 57, 341.

Chou, F. K. Y., Chen, A. P. S., & Lo, V. C. L. (2021). Mindless response or mindful interpretation: examining the effect of message influence on phishing susceptibility. Sustainability, 13(4), 1651. https://doi.org/10.3390/su13041651

CyberTalk. (2022). Phishing Prevention Ebook: What To Know About Upgrading Your Strategy. Cybertalk.Org.

Damon, W. (1984). Peer education: The untapped potential. Journal of applied developmental psychology, 5(4), 331-343. https://psycnet.apa.org/doi/10.1016/0193-3973(84)90006-6

Darics, E. (2012). Instant messaging in work-based virtual teams: the analysis of non-verbal communication used for the contextualisation of transactional and relational communicative goals (Doctoral dissertation, Loughborough University).

Delhomme, P., De Dobbeleer, W., Forward, S., & Simões, A. (2009). Manual for designing, implementing, and evaluating road safety communication campaigns: Part I. Brussels: Belgian Road Safety Institute.

Diederich, A., & Trueblood, J. S. (2018). A dynamic dual process model of risky decision making. Psychological review, 125(2), 270. https://psycnet.apa.org/doi/10.1037/rev0000087

Eyal, N. (2019). Indistractable: How to control your attention and choose your life. BenBella Books.

Financial Services Authority Regulation Number 12/POJK.03/2021 of 2021 concerning Commercial Banks, peraturan.bpk.go.id (2021).

Ganguly, S., Harreis, H., Margolis, B., & Rowshankish, K. (2017). Digital risk: Transforming risk management for the 2020 s. McKinsey & Company.

Gyaisey, A. P. (2023). The Effect of Mobile Payment Technology Fraud Perception on Customer Intention to Continously Use the Service: A Study Moderated by Generation X, Y, and Z from a Developing Economy (Doctoral dissertation, University of Ghana).

Hamm, A. O., Schupp, H. T., & Weike, A. I. (2003). Motivational organization of emotions: Autonomic changes, cortical responses, and reflex modulation. Handbook of affective sciences, 187-211.

Harvey, R. H., Leotta, M. J., & Sachdev, G. (2024). Why depository institutions, with or without affiliated securities firms, can and should manage employee use of personal devices for work-related communications. Journal of Financial Compliance, 8(2), 154-166.

Hollebeek, T., & Waltzman, R. (2004, September). The role of suspicion in model-based intrusion detection. In Proceedings of the 2004 workshop on New security paradigms (pp. 87-94). https://doi.org/10.1145/1065907.1066041

Huang, Y., & Wang, W. (2022). When a story contradicts: Correcting health misinformation on social media through different message formats and mechanisms. Information, Communication & Society, 25(8), 1192-1209. https://psycnet.apa.org/doi/10.1080/1369118X.2020.1851390

Hutchby, I. (2001). Technologies, texts and affordances. Sociology, 35(2), 441-456. http://dx.doi.org/10.1017/S0038038501000219

Ingram Bogusz, C., Teigland, R., & Vaast, E. (2019). Designed entrepreneurial legitimacy: the case of a Swedish crowdfunding platform. European Journal of Information Systems, 28(3), 318-335. https://doi.org/10.1080/0960085X.2018.1534039

Islind, A. S., Norström, L., Vallo Hult, H., & Olsson, S. R. (2020). Socio-technical interplay in a two-sided market: the case of learning platforms. In Digital Transformation and Human Behavior: Innovation for People and Organisations (pp. 33-53). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030-47539-0_4

Jeon, W. (2020). Resonance, a step towards a fluency for complexity: The science, language, and epistemology of Gregory Bateson (Master's thesis, The University of Western Ontario (Canada)).

Jia, Y., Liu, L., & Lowry, P. B. (2024). How do consumers make behavioural decisions on social commerce platforms? The interaction effect between behaviour visibility and social needs. Information Systems Journal, 34(5), 1703-1736. http://dx.doi.org/10.1111/isj.12508

Kass, R. (1991). Building a user model implicitly from a cooperative advisory dialog. User Modeling and User-Adapted Interaction, 1(3), 203-258. http://dx.doi.org/10.1023/A:1011145532042

Kavitha, P., Anand, A., Sreenivasan, S., Mohammed S, H., Borah, N., & Saikia, D. (2024). The development of early flood monitoring and a whatsapp-based alert system for timely disaster preparedness and response in vulnerable communities. Engineering Proceedings, 62(1), 18. https://doi.org/10.3390/engproc2024062018

Kavvadias, A., & Kotsilieris, T. (2025). Understanding the role of demographic and psychological factors in users’ susceptibility to phishing emails: A review. Applied Sciences, 15(4), 2236. https://doi.org/10.3390/app15042236

Kirlappos, I., Sasse, M. A., & Harvey, N. (2012, June). Why trust seals don’t work: A study of user perceptions and behavior. In International Conference on Trust and Trustworthy Computing (pp. 308-324). Berlin, Heidelberg: Springer Berlin Heidelberg. https://doi.org/10.1007%2F978-3-642-30921-2_18

Kuraku, S. (2022). Curiosity Clicks: The Need for Security Awareness. University of the Cumberlands.

Kurkovsky, S., & Syta, E. (2010, June). Digital natives and mobile phones: A survey of practices and attitudes about privacy and security. In 2010 IEEE International Symposium on Technology and Society (pp. 441-449). IEEE. http://dx.doi.org/10.1109/ISTAS.2010.5514610

La Torre, A., & Angelini, M. (2025). Cyri: A Conversational AI-based Assistant for Supporting the Human User in Detecting and Responding to Phishing Attacks. arXiv preprint arXiv:2502.05951. http://dx.doi.org/10.48550/arXiv.2502.05951

Lai, C., Ma, Y., Lu, R., Zhang, Y., & Zheng, D. (2022). A novel authentication scheme supporting multiple user access for 5G and beyond. IEEE Transactions on Dependable and Secure Computing, 20(4), 2970-2987. http://dx.doi.org/10.1109/TDSC.2022.3198723

Lejarraga, J., & Pindard-Lejarraga, M. (2020). Bounded rationality: Cognitive limitations or adaptation to the environment? The implications of ecological rationality for management learning. Academy of Management Learning & Education, 19(3), 289-306. https://psycnet.apa.org/doi/10.5465/amle.2019.0189

Lentenbrink, J. W. (2018). The Desexualization of Contemporary Psychoanalysis. Pacifica Graduate Institute.

Lim, K. H., Benbasat, I., & Todd, P. A. (1996). An experimental investigation of the interactive effects of interface style, instructions, and task familiarity on user performance. ACM Transactions on Computer-Human Interaction (TOCHI), 3(1), 1-37. http://dx.doi.org/10.1145/226159.226160

London Jr, J., Li, S., & Sun, H. (2022). Seems legit: An investigation of the assessing and sharing of unverifiable messages on online social networks. Information Systems Research, 33(3), 978-1001. http://dx.doi.org/10.1287/isre.2021.1095

Margie, L. A., Prihatni, R., & Gurendrawati, E. (2024). Determinants of Digital Banking Service Usage: A Systematic Literature Review. Innovation: Scientific Journal of Management Science, 11(2), 604-614. https://doi.org/10.32493/Inovasi.v11i2.p604-614.45249

Maseko, A. E. (2023). Remedies to reduce user susceptibility to phishing attacks (Doctoral dissertation, University of the Western Cape).

Miller, J. R. (2022). Financial inclusion through WhatsApp banking in Johannesburg (Master's thesis, University of the Witwatersrand, Johannesburg (South Africa)).

Mirilla, D. F. (2018). Slow incident response in cyber security: The impact of task disengagement in security operations centers. Pace University.

Msallati, A. (2021). Investigating the nexus between the types of advertising messages and customer engagement: Do customer involvement and generations matter?. Journal of Innovations in Digital Marketing, 2. http://dx.doi.org/10.51300/jidm-2020-31

Muda, N. R. S. (2024). Design and Build Plastic Waste Processing Robots in Indonesia to Support Sustainable Environmental Management. International Journal of IJNRSM, 4(7), 200-210.

Muftiadi, A., Agustina, T. P. M., & Evi, M. (2022). Studi kasus keamanan jaringan komputer: analisis ancaman phising terhadap layanan online banking. Hexatech: Jurnal Ilmiah Teknik, 1 (2), 60-65.

Nur, F. (2023). Penegakan hukum terhadap kejahatan digital perbankan. Innovative: Journal Of Social Science Research, 3(6), 3234-3249.

Okoli, J. (2021). Improving decision-making effectiveness in crisis situations: developing intuitive expertise at the workplace. Development and Learning in Organizations: An International Journal, 35(4), 18-20. http://dx.doi.org/10.1108/DLO-08-2020-0169

Parker, C. (2006). The “compliance” trap: The moral message in responsive regulatory enforcement. Law & Society Review, 40(3), 591-622. http://dx.doi.org/10.1111/j.1540-5893.2006.00274.x

Price, M. C., & Norman, E. (2008). Intuitive decisions on the fringes of consciousness: Are they conscious and does it matter?. Judgment and Decision making, 3(1), 28-41. http://dx.doi.org/10.1017/S1930297500000140

Saarni, C. (2001). Cognition, context, and goals: Significant components in social-emotional effectiveness. Social Development, 10(1). https://psycnet.apa.org/doi/10.1111/1467-9507.00152

Saberi Pirouz, A. (2013). Securing email through online social networks (Doctoral dissertation, Concordia University).

Scissors, L. E., Gill, A. J., & Gergle, D. (2008, November). Linguistic mimicry and trust in text-based CMC. In Proceedings of the 2008 ACM conference on Computer supported cooperative work (pp. 277-280). http://dx.doi.org/10.1145/1460563.1460608

Sephton, K. A. (2013). Decision-making under information overload: Visual representation and ‘fast and frugal’heuristics as strategies for dealing with information overload (Doctoral dissertation, Stellenbosch: Stellenbosch University).

Shalaby, A. (2024). Classification for the digital and cognitive AI hazards: urgent call to establish automated safe standard for protecting young human minds. Digital Economy and Sustainable Development, 2(1), 17. http://dx.doi.org/10.1007/s44265-024-00042-5

Shiv, B., Loewenstein, G., Bechara, A., Damasio, H., & Damasio, A. R. (2005). Investment behavior and the negative side of emotion. Psychological science, 16(6), 435-439. https://doi.org/10.1111/j.0956-7976.2005.01553.x

Simatupang, S., Sinaga, O. S., Manurung, S., Ambarita, M. H., & Mokodongan, E. N. (2024). Digital Bank and Consumer Trust. Satyagraha Scientific Journal, 7(2), 156-164. https://doi.org/10.47532/jis.v7i2.1090

Sokol -Hessner, P., & Rutledge, R. B. (2019). The psychological and neural basis of loss aversion. Current Directions in Psychological Science, 28(1), 20-27. https://psycnet.apa.org/doi/10.1177/0963721418806510

Stewart, D. W., & Martin, I. M. (1994). Intended and unintended consequences of warning messages: A review and synthesis of empirical research. Journal of Public Policy & Marketing, 13(1), 1-19. http://dx.doi.org/10.1177/074391569401300101

Stockinger, T. (2011). Implicit authentication on mobile devices. In The Media Informatics Advanced Seminar on Ubiquitous Computing (Vol. 8).

Tasri, E. S., Karimi, K., & Muslim, I. (2021). Community Economic Vulnerability and Resilience to Environmental Damage. Sukabina Press.

Teng, S., Khong, K. W., Chong, A. Y. L., & Lin, B. (2017). Persuasive electronic word-of-mouth messages in social media. Journal of Computer Information Systems, 57(1), 76-88. http://dx.doi.org/10.1080/08874417.2016.1181501

Thomas, J. S., Chen, C., & Iacobucci, D. (2022). Email marketing as a tool for strategic persuasion. Journal of Interactive Marketing, 57(3), 377-392. http://dx.doi.org/10.1177/10949968221095552

Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I., & Smith, M. (2015, May). SoK: secure messaging. In 2015 IEEE Symposium on Security and Privacy (pp. 232-249). IEEE. https://doi.org/10.1109/SP.2015.22

Valiansyah, R., Matulessy, A., & Pratitis, N. (2023). Impulse Buying in College Students: What is the Role of Intepersonal Influence Vulnerability? INNER: Journal of Psychological Research, 2(4), 539-549.

Van Prooijen, J. W. (2017). The moral punishment instinct. Oxford University Press.

Wang, J., Chen, R., Herath, T., & Rao, H. R. (2009). Visual e-mail authentication and identification services: An investigation of the effects on e-mail use. Decision Support Systems, 48(1), 92-102. http://dx.doi.org/10.1016/j.dss.2009.06.012

Wepener, C., Johnson, E., & Bornman, J. (2021). Text messaging “Helps Me to Chat”: exploring the interactional aspects of text messaging using mobile phones for youth with complex communication needs. Augmentative and Alternative Communication, 37(2), 75-86. http://dx.doi.org/10.1080/07434618.2021.1928284

Wolburg, J. M. (2006). College students’ responses to antismoking messages: Denial, defiance, and other boomerang effects. Journal of Consumer Affairs, 40(2), 294-323. https://psycnet.apa.org/doi/10.1111/j.1745-6606.2006.00059.x

Yano, N., Ishii, T., & Irie, R. (1975). Modification of the Disk Assay Method for Detection of Antibiotics by Direct Seeding of Spores of Bacillus stearothermophilus. Food Hygiene and Safety Science (Shokuhin Eiseigaku Zasshi), 16(2), 105-109_1. https://doi.org/10.3358/shokueishi.16.105

Yousafzai, S. Y., Pallister, J. G., & Foxall, G. R. (2003). A proposed model of e-trust for electronic banking. Technovation, 23(11), 847-860. http://dx.doi.org/10.5267/j.msl.2015.8.008

Zuboff, S. (2019, January). Surveillance capitalism and the challenge of collective action. In New labor forum (Vol. 28, No. 1, pp. 10-29). Sage CA: Los Angeles, CA: Sage Publications.