Cybersecurity Awareness and Community Response to Phishing Threats: An Indonesian Social Behavior Analysis

Authors

  • Fadhil Rozi Hendrawan Telkom University
  • Arif Rahman Hakim Telkom University
  • Dewi Marini Umi Atmaja Telkom University
  • Zaidan Mufaddhal Huazhong Universityof Science and Technology

DOI:

https://doi.org/10.32664/smatika.v16i02.2332

Keywords:

Indonesia, Online Behavior, Phishing Cybercrime, Risk Management, Socio-Cultural Perspective

Abstract

This research discusses the increased levels of connectivity and digital engagement experienced by the people of Indonesia due to the development of digital technology as well as the risks associated with the growing prevalence of phishing cyber crimes in the country despite having the third-highest population of internet users globally. Although the level of digital literacy varies across different regions in the country, younger users in Indonesia appear to be the most vulnerable to phishing attacks. In view of the above, this paper seeks to identify and explore the behavioral dimensions that determine vulnerability to phishing amongst young internet users in Indonesia through a qualitative exploration of behavioral exposure towards such cyber crime. The research employs a quantitative cross-sectional survey method using structured questionnaires provided to 53 participants in their teens who were frequently involved in using digital platforms for purposes such as engaging on social media, making purchases from e-commerce sites, and executing payments via digital platforms, all chosen using a purposive sample method. Validity and reliability were measured using the Principal Component Analysis, the Kaiser-Meyer-Olkin validity test, Bartlett's Test of Sphericity and Cronbach's Alpha test respectively. Validity tests produced a KMO measure of 0.587 with a statistically significant Bartlett test result (χ²=71.940, df=10, p<0.001). Using PCA, two factors contributing 70.997% cumulative variance were identified with Eigenvalue values of 2.299(45.98%) and 1.251(25.02%). The first factor measures active reception of links via digital platforms and the second measures exposure to bypassing attempts via OTP channels. The four-item scale had a Cronbach Alpha of 0.743 implying acceptable internal consistency.

References

[1] A. A. Vărzaru and C. G. Bocean, “Digital Transformation and Innovation: The Influence of Digital Technologies on Turnover from Innovation Activities and Types of Innovation,” Systems, vol. 12, no. 9, p. 359, 2024, doi: 10.3390/systems12090359.

[2] E. Wijaya, D. P. Wulan, and T. D. Nursanti, “Exploring Millennial Security Awareness of Data Protection, Cybercrime, and Privacy Management in Indonesia,” in 2025 International Conference on Computer Science, Engineering and Technology Innovation (ICoCSETI), 2025, pp. 858–863. doi: 10.1109/ICOCSETI63724.2025.11019204.

[3] T. Bui, E. Clemons, and K. Streff, “Information Security and Privacy,” in Proceedings of the Annual Hawaii International Conference on System Sciences, 2018, p. 4702. doi: 10.1201/b18827-22.

[4] H. Omotunde and M. Ahmed, “A Comprehensive Review of Security Measures in Database Systems: Assessing Authentication, Access Control, and Beyond,” Mesopotamian J. Cyber Secur., pp. 115–133, 2023, doi: 10.58496/MJCSC/2023/016.

[5] H. Sama and S. E. Prasetyo, “The Cyber Threat Landscape in Indonesia: Attacks and Security System Analysis,” SMATIKA, vol. 16, no. 1, pp. 148–156, 2026, doi: 10.32664/smatika.v16i01.2200.

[6] M. W. M. Al-Quran, “Traditional Media versus Social Media: Challenges and Opportunities,” Tech. Rom. J. Appl. Sci. Technol., vol. 4, no. 10, pp. 145–160, 2022, doi: 10.47577/technium.v4i10.8012.

[7] S. Creese, W. H. Dutton, and P. Esteve-González, “The Social and Cultural Shaping of Cybersecurity Capacity Building: A Comparative Study of Nations and Regions,” Pers. Ubiquitous Comput., vol. 25, no. 5, pp. 941–955, 2021, doi: 10.1007/s00779-021-01569-6.

[8] W. Febriyani, T. F. Kusumasari, and M. Lubis, “An Narrative Review on Achieving Data Governance in Indonesia Amidst Data Security Challenges,” vol. 6, no. 158, pp. 785–792, 2023.

[9] S. B. MacKenzie, P. M. Podsakoff, and C. B. Jarvis, “The Problem of Measurement Model Misspecification in Behavioral and Organizational Research and Some Recommended Solutions,” J. Appl. Psychol., vol. 90, no. 4, pp. 710–730, 2005, doi: 10.1037/0021-9010.90.4.710.

[10] F. R. Hendrawan, T. F. Kusumasari, and D. Praditya, “A Comprehensive Framework of Role Data Governance in Ensuring Data Quality: Literature Review,” in 2023 Eighth International Conference on Informatics and Computing (ICIC), 2023. doi: 10.1109/ICIC60109.2023.10381991.

[11] T. Oketunji and O. Omodara, “Design of Data Warehouse and Business Intelligence System,” Master Thesis, 2011.

[12] M. Yunus and M. Yunus, “Klasifikasi Sentimen Terhadap Badan Penyelenggara Jaminan Sosial (BPJS) Pada Media Sosial Twitter Menggunakan Naive Bayes,” SMATIKA, vol. 11, pp. 81–91, 2021, doi: 10.32664/smatika.v11i02.577.

[13] M. S. Ummah, “DRM, A Design Research Methodology,” 2019.

[14] J. F. Hair, W. C. Black, B. J. Babin, and R. E. Anderson, Multivariate Data Analysis: A Global Perspective. Upper Saddle River, NJ: Pearson, 2010.

[15] A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design Science in Information Systems Research,” MIS Q., vol. 28, no. 1, pp. 75–105, 2004, doi: 10.2307/25148625.

[16] N. H. A. Hardani et al., Buku Metode Penelitian Kualitatif. 2020.

[17] A. P. Nugraha, A. Kurnia, P. I. P. Putra, A. Rahman, and D. Dikrurahman, “The Impact of Social Media on Social Interaction and Self-Identity in Indonesian Society,” J. Soc. Res., vol. 3, no. 9, pp. 1–8, 2024, doi: 10.55324/josr.v3i9.2254.

[18] R. Tanti, “Phishing Attack: A Case Study and Their Prevention Techniques,” 2024, doi: 10.55041/IJSREM38042.

[19] T. Moore, “The NIST Cybersecurity,” 2024.

[20] ISO/IEC 27001 International Standard, “Information Security, Cybersecurity and Privacy Protection -- Information Security Management Systems -- Requirements,” 2013.

[21] M. Yasin, A. A. Arman, I. J. M. Edward, and W. Shalannanda, “Designing Information Security Governance Recommendations and Roadmap Using COBIT 2019 Framework and ISO 27001:2013 (Case Study Ditreskrimsus Polda XYZ),” in Proceedings of the 14th International Conference on Telecommunication Systems, Services, and Applications (TSSA), 2020, pp. 3–7. doi: 10.1109/TSSA51342.2020.9310875.

[22] R. Fauzi, “Implementasi Awal Sistem Manajemen Keamanan Informasi pada UKM Menggunakan Kontrol ISO/IEC 27002,” JTERA (Jurnal Teknol. Rekayasa), vol. 3, no. 2, pp. 145–156, 2018, doi: 10.31544/jtera.v3.i2.2018.145-156.

[23] DAMA International Technics, DAMA-DMBOK: Data Management Body of Knowledge: 2nd Edition. 2017.

[24] S. Wadho, A. Meghji, A. Yichiet, R. Kumar, and F. Shaikh, “Encryption Techniques and Algorithms to Combat Cybersecurity Attacks: A Review,” VAWKUM Trans. Comput. Sci., vol. 11, pp. 295–305, 2023, doi: 10.21015/vtcs.v11i1.1521.

[25] F. R. Hendrawan, S. A. Aafiyah, and Z. Mufaddhal, “Adapting DAMA DMBOK Principles for Strengthening Data Security Governance: Digital Transformation in MSMEs,” 2025, doi: 10.52661/jict.v7i2.476.

[26] V. K. Septiyana, S. Sutikno, and K. Surendro, “Design of e-Government Security Governance System Using COBIT 2019,” in International Conference on Information Systems Security (ICISS), 2020, pp. 1–6. doi: 10.1109/ICISS48059.2019.8969808.

[27] M. A. Lanure, F. Maulana, and M. Lubis, “Assessment of IT Maturity Level and Roadmap Preparation for Improving Governance Based on COBIT 5 (Case Study: XYZ Company),” in 1st International Conference on Information Systems and Information Technology (ICISIT), 2022, pp. 31–36. doi: 10.1109/ICISIT54091.2022.9872860.

[28] S. De Haes and W. Van Grembergen, “COBIT as a Framework for Enterprise Governance of IT,” in Enterprise Governance of Information Technology, 2015. doi: 10.1007/978-3-319-14547-1_5.

[29] M. Lubis and F. A. Maulana, “Information and Electronic Transaction Law Effectiveness (UU-ITE) in Indonesia,” in Proceedings of the 3rd International Conference on Information and Communication Technology for the Moslem World (ICT4M), 2010, pp. C–13--C–19. doi: 10.1109/ICT4M.2010.5971892.

[30] M. Lubis, R. Fauzi, A. R. Lubis, and R. Fauzi, “Analysis of Project Integration on Smart Parking System in Telkom University,” in 2018 6th International Conference on Cyber and IT Service Management (CITSM), 2019. doi: 10.1109/CITSM.2018.8674270.

[31] J. H. Pengabdian and P. Masyarakat, “https://journal.unm.ac.id/index.php/JHP2M,” vol. 2, pp. 1–8, 2023.

[32] F. Primarius, N. Koten, A. Jufriansah, and H. Hikmatiar, “Analisis Penggunaan Aplikasi WhatsApp sebagai Media Informasi dalam Pembelajaran: Literature Review,” pp. 72–84, 2022, doi: 10.37640/jip.v14i1.1409.

[33] M. B. Yel and M. K. M. Nasution, “Keamanan Informasi Data Pribadi pada Media Sosial,” J. Ilmu Komput., vol. 6, no. 1, pp. 92–101, 2022, doi: 10.59697/jik.v6i1.144.

[34] K. Parsons, A. Mccormac, M. Butavicius, M. Pattinson, and C. Jerram, “ScienceDirect Determining employee awareness using the Human Aspects of Information Security Questionnaire ( HAIS-Q ),” Comput. Secur., vol. 42, pp. 165–176, 2014, doi: 10.1016/j.cose.2013.12.003.

[35] K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, and T. Zwaans, “The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies,” Comput. & Secur., vol. 66, pp. 40–51, 2017, doi: 10.1016/j.cose.2017.01.004.

[36] M. Zwilling, G. Klien, D. Lesjak, Ł. Wiechetek, and F. Cetin, “Cyber Security Awareness, Knowledge and Behavior: A Comparative Study,” J. Comput. Inf. Syst., pp. 1–16, 2020, doi: 10.1080/08874417.2020.1712269.

[37] T. Wangchuk and T. A. D. Gonsalves, “Multimodal Phishing Detection on Social Networking Sites: A Systematic Review,”IEEE Access, vol. 13, pp. 103405–103416, 2025, doi: 10.1109/ACCESS.2025.3579584.

[38] L. Bognár and L. Bottyán, “Evaluating Online Security Behavior: Development and Validation of a Personal Cybersecurity Awareness Scale for University Students,” Educ. Sci., vol. 14, no. 6, p. 588, 2024, doi: 10.3390/educsci14060588.

[39] S. K. Al-Romaihi and R. A. Ikuesan, “Cyberbullying Indicator as a Precursor to a Cyber Construct Development,” in Proceedings of the International Conference on Cyber Warfare and Security, 2022.

Downloads

Published

2026-06-29