Introduction: Phishing poses significant risks to individuals and organisations, particularly university students who frequently use online platforms and handle sensitive information. Despite the availability of education and training programs, there is a limited understanding of how knowledge, awareness, and preventive measures interact to reduce phishing risks.

Objective: To explore the relationships between knowledge of phishing, preventive measures, cybersecurity awareness, phishing awareness, and victimisation among university students.

Methods: This quantitative study employed a survey-based approach involving 202 university students. Data were collected using self-administered questionnaires, and 10 hypotheses were tested to analyse relationships among key factors related to phishing awareness, behaviour, and victimisation.

Results: Positive correlations were identified between preventive measures and cybersecurity and phishing awareness, emphasising the importance of proactive behaviours. However, knowledge of phishing showed no significant relationship with awareness or preventive behaviours, indicating that knowledge alone does not lead to effective action. Despite preventive efforts, 27.2% of students reported experiencing phishing attacks, highlighting the need for more robust and practical strategies.

Conclusion: The findings suggest that targeted phishing education, training, and awareness programmes are essential for improving defensive behaviours against phishing. This study offers actionable insights for educators, policymakers, and cybersecurity professionals to develop more effective training initiatives that reduce phishing risks, particularly among high-risk groups such as university students.

Ruzaili et al. studied this question.