Innovating Cybersecurity in Tanzanian Academia: A Mobile Tool for Combatting Social Engineering Threats
Abstract
Social engineering attacks, including phishing, smishing, and vishing, pose significant threats to higher learning institutions, especially in regions with limited cybersecurity awareness and weak incident reporting mechanisms. This study introduces a novel mobile tool that combines real-time threat detection, streamlined reporting, and personalized training to address these vulnerabilities. Using a mixed-methods approach, we gathered survey data from 395 participants, conducted interviews with 10 IT professionals, and ran a pilot test with 20 users. The proposed tool provides instant scanning of emails/SMS for social engineering content and instant incident reporting alongside interactive, bilingual (English/Swahili) training modules. Results show a substantial improvement in user awareness, 85% of users reported a better understanding of social engineering threats after using the app, and high user satisfaction, with 90% expressing approval of the intuitive interface. The integration of real-time threat analysis and immediate reporting with tailored education distinguishes our tool from existing solutions. We discuss how bilingual support broadened engagement and how personalized learning paths reinforced retention of security best practices. Our findings demonstrate that a mobile-based, user-centric approach can significantly bolster cybersecurity awareness and incident response in academic environments. Future work will integrate machine learning for enhanced threat detection and voice-guided features for accessibility, aiming to continuously adapt to evolving attack strategies. This research provides insights for policymakers on incorporating such tools into broader institutional cybersecurity strategies.
Downloads
References
N. Y. Conteh dan P. J. Schmick, "Cybersecurity: Risks, vulnerabilities and countermeasures to prevent social engineering attacks," Int. J. Adv. Comput. Res., vol. 6, no. 23, pp. 11–19, 2016.
F. Salahdine dan N. Kaabouch, "Social engineering attacks: A survey," Future Internet, vol. 11, no. 4, Art. 89, 2019.
G. Montanez et al., "Cognitive workload and social engineering susceptibility: A human-centered approach," Hum.-Comput. Interact., vol. 35, no. 2, pp. 135–149, 2020.
S. M. Albladi dan G. R. S. Weir, "User susceptibility to phishing attacks: The role of user behavior," J. Inf. Secur. Appl., vol. 48, Art. 102352, 2019.
E. Titis dan P. Stephens, "Analyzing cyber attacks and cyber security vulnerabilities in the university sector," Computers, vol. 14, no. 2, Art. 49, 2025.
E. D. Kundy dan B. J. Lyimo, "Cyber security threats in higher learning institutions in Tanzania: A case of University of Arusha and Tumaini University Makumira," Olva Acad.–Sch. Res., vol. 2, no. 3, pp. 1–38, 2019.
M. E. Eltahir dan O. S. Ahmed, "Cybersecurity awareness in African higher education institutions: A case study of Sudan," Inf. Sci. Lett., vol. 12, no. 1, pp. 1–9, 2023.
S. Al-Janabi dan I. Al-Shourbaji, "A study of cyber security awareness in educational environment in the Middle East," J. Inf. Knowl. Manag., vol. 15, no. 1, Art. 1650007, 2016.
M. E. Whitman, H. J. Mattord, dan A. Green, "Reducing cyber crime in Africa through education," Proc. IEEE Int. Conf. Cyber Secur. Resilience (CSR), Rhodes, Greece, 2022, pp. 1–6, doi: 10.1109/CSR54599.2022.9996274.
A. A. Semlambo, D. M. Mfoi, dan Y. Sangula, "Information systems security threats and vulnerabilities: A case of the Institute of Accountancy Arusha (IAA)," J. Comput. Commun., vol. 10, no. 11, pp. 1–17, 2022.
M. Grobler, R. Gaire, dan S. Nepal, "User, usage and usability: Redefining human-centric cyber security," Front. Big Data, vol. 4, Art. 583723, 2021.
H. Aldawood dan G. Skinner, "Social engineering: The science of human hacking in higher education," Future Internet, vol. 11, no. 4, p. 89, 2019.
N. S. Safa, R. Von Solms, dan S. Furnell, "Information security policy compliance: Investigating the role of security awareness and psychological factors," Comput. Secur., vol. 56, pp. 70–82, 2016.
M. Bada, M. A. Sasse, dan J. R. C. Nurse, "Cyber security awareness campaigns: Why do they fail to change behavior?," Proc. Int. Conf. Cyber Secur., 2015.
S. Allam, S. V. Flowerday, dan E. Flowerday, "Smartphone information security awareness: A victim of operational pressures," Comput. Secur., vol. 42, pp. 56–65, 2014.
K. Matyokurehwa, N. Rudhumbu, C. Gombiro, dan C. Chipfumbu-Kangara, "Enhanced social engineering framework mitigating against social engineering attacks in higher education," Secur. Privacy, vol. 5, no. 5, e237, 2022.
J. Hobbs, "Cybersecurity awareness in higher education: A comparative analysis of faculty and staff," Issues Inf. Syst., vol. 24, no. 1, pp. 159–169, 2023, doi: 10.48009/1_iis_2023_114.
A. M. H. Al-Hakimi dan M. Hassan, "Anti-social engineering: The importance of social engineering awareness training web platform," Proc. 2024 IEEE 15th Control Syst. Grad. Res. Colloq. (ICSGRC), pp. 35–40, 2024.
H. Havenstein, "Gamified corporate training and its role in enhancing cybersecurity awareness," J. Cybersecurity Train., vol. 18, no. 3, pp. 221–230, 2020.
E. C. Cheng dan T. Wang, "Institutional strategies for cybersecurity in higher education institutions," Information, vol. 13, no. 4, p. 192, 2022.
T. S. Yin, I. F. Kasmin, Z. M. Z. Abidin, dan H. Vasudavan, "Mobile application for cybersecurity education and awareness since COVID-19 pandemic," Int. J. Data Sci. Adv. Anal., vol. 4, pp. 263–269, 2023.
A. Alroobaea dan P. J. Mayhew, "How many participants are really enough for usability studies?," Proc. Sci. Inf. Conf. (SAI), London, UK, 2014, pp. 48–56, doi: 10.1109/SAI.2014.6918171.
F. T. Ngo, R. Deryol, B. Turnbull, dan J. Drobisz, "The need for a cybersecurity education program for internet users with limited English proficiency: Results from a pilot study," Int. J. Cybersecurity Intell. Cybercrime, vol. 7, no. 1, p. 2, 2024.
Z. Wang, H. Zhu, dan L. Sun, "Social engineering in cybersecurity: Effect mechanisms, human vulnerabilities and attack methods," IEEE Access, vol. 9, pp. 11895–11910, 2021.
A. A. Albishri dan M. M. Dessouky, "A comparative analysis of machine learning techniques for URL phishing detection," Eng. Technol. Appl. Sci. Res., vol. 14, no. 6, pp. 18495–18501, 2024.
Abstract views: 168 times
Download PDF: 111 times
Copyright (c) 2025 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)
_1.png){kind=logo}
