{"paper_id":"2e74f76c-6e7d-47bf-a2f4-c54aaafa9172","body_text":"Phishing resiliency across socio-cultural Spheres: Cyrillic Orthographic Zone versus The Five Eyes | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Article Phishing resiliency across socio-cultural Spheres: Cyrillic Orthographic Zone versus The Five Eyes William Smeal, L. Jean Camp, Yash Kumar, Vaibhav Vishwanath, Mihai Mihai Paunescu This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6706255/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 9 You are reading this latest preprint version Abstract Models of economic and health behaviors have been applied to computer security decision-making. One argument against health models is that cybersecurity behavioral factors may vary widely across cultures, while human biology remains the same. In this work we explore the degree to which assumptions of cybersecurity decision-making is consistent across two cultural and linguistic spheres of influence. Specifically, we replicate a study of phishing resilience that was implemented across five English-speaking nations in four nations within the Cyrillic orthographic zone. We compare the overall resilience and factors weights between the two population groups. Our findings illustrate that there were few indicators of significant difference between the two human subjects studies. While the comparisons of the results opens questions that can only be answered with the large scale longitudinal studies, overall the implications support arguments for the application of health models to cybersecurity. Business and commerce/Information systems and information technology Social science/Science technology and society Phishing Resilience Cybersecurity Cross-National Familiarity Risk-Assessment Socio-Technical Cyrillic Orthographic Zone Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 I. Introduction Phishing is a common form of cybercrime characterized by deception in order to obtain victims’ personal private information such as a Social Security number or banking credentials. Most commonly, phishing attacks take on the form of an email written in such a fashion as to convince the recipient that the sender is trustworthy. Unsuspecting victims of email phishing attacks are typically deceived into performing an action that can provide the attacker with sensitive information, such as opening an embedded link. Phishing emails may also present victims with a deceptive message containing a link to a seemingly legitimate domain name, which, in reality, is controlled by a criminal. Phishing is so ubiquitous that there is a $5B global cyber security training market focused solely on teaching individuals how to identify potential phishing attempts. Despite this training and additional technical preventative measures, a large proportion of internet users across the world are still susceptible to phishing attacks (https://dl.acm.org/doi/abs/10.1145/3469886). Our study evaluates phishing resiliency across several countries within the Cyrillic Orthographic Zone (COZ): Belarus, Bulgaria, Russia, and Ukraine, and compares these results with a similar study conducted with participants from the Five Eyes, the Anglophone intelligence alliance consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. The countries we have chosen share a common linguistic and literary history, representing nations in which the use of Cyrillic script is not only most prominent in cyberspace, but also culturally significant. In our comparative cross-national phishing resilience study, we seek to address the following research questions. Together these research question address the applicability of a cyber health model to phishing. RQ1) Can the cyber model used for measuring phishing resilience in the Five Eyes provide insight into resilience in the COZ? RQ2) To what degree is phishing resilience similar or different between the COZ countries; and how do these countries’ results compare to those of the Five Eyes? RQ3) Does computer security expertise, particularly knowledge and skills related to measures designed to prevent phishing, influence phishing resiliency in COZ countries? Is this different from previous results from the Five Eyes countries? If so, what are the differences? RQ4) Does website familiarity in COZ countries affect participant ability to identify illegitimate sites? Is this the same as in the Five Eyes countries? RQ5) Does risk assessment behavior vary between COZ countries and to what degree to these behavioral trends compare with countries in the Five Eyes? For the purposes of this study, we define phishing resilience as having two components: correctly identifying legitimate websites and correctly distinguishing phishing websites from legitimate sites. As with many experiments, participants were asked to correctly identify an illegitimate site, where the domain name resembles the imitations cyber criminals typically employ when designing their attacks. Additionally, to measure resilience as opposed to vulnerability, we define phishing resilience as including the ability to correctly identify a legitimate site, where no deceptive changes have been made. Our work has two principle goals. Firstly, we identify not only the similarities and differences in resiliency but also the degree to which, if any, factors which have been shown to impinge resilience in previous research apply to participants from the COZ. Secondly, we identify commonalities and differences between the two populations in terms of socio-cultural traits. Our specific findings have expanded the scope of the existing body of literature regarding anti-phishing theory, phishing awareness, and phishing resilience. Beyond the specified research questions, our findings inform the following two open questions. Is a cyber health model appropriate for increasing resilience to phishing? If a cyber health model is appropriate, then arguably the same underlying factors useful in identifying high-risk populations for targeted interventions would apply across different orthographic zones. So our research also informs the question, “would global or region-specific approaches be more effective in reducing the risk of insecurity brought about by successful phishing attacks?”. To inform these questions we begin with a brief overview of previous research on phishing with a focus on populations within the COZ. Section III outlines the methodology utilized to carry out this cross-national study; referring back to related work to identify the theoretical basis for our choices of factors. Section IV and V detail the results of the statistical tests and offer a comparison to the results of a 2021 study (Camp 2021) (which addressed phishing resiliency in the Five Eyes). We then offer a general conclusion in Section VI. We close with a summary and the results, conclude with limited support for the cyber health model for phishing resilience. II. RELATED WORK Phishing is a cybercrime in which illegitimate websites are designed to fool internet users in order to collect users' credentials, personal information, and access to their machines or accounts. Phishing websites are typically designed to resemble legitimate, trustworthy sites. Successful phishing sites create the illusion of security through increasingly sophisticated practices. For example, some phishing attacks involve spoofing a user’s web browser to subvert security warnings and information in URL addresses (Desolda 2021). Cybersecurity attacks take on three principal natures: physical, syntactic, and semantic. While physical and syntactic attacks target physical computer network infrastructure and software respectively, semantic attacks are based on human interaction with the internet (Choo 2013 ). Phishing attacks are categorized as semantic cybersecurity incidents. Traditionally, cyber criminals have targeted internet users in the English-speaking world (Rajivan 2017). However, phishers have expanded the scope of their attacks to include individual users and companies around the globe, sometimes even carefully crafting their messages for specific linguistic audiences. For example, Ermakova finds that phishing attempts through spam sent to Francophone users are more carefully designed than similar scams sent to Anglophone users. The intricacies of the French verbal system are often employed by phishers in French language spam for semantic purposes to legitimize their offers with correspondences in accordance with standard business French registers (Ermakova 2010 ). One factor influencing ongoing phishing susceptibility is the increasingly elaborate nature of attacks, even as more preventative measures are regularly introduced. An additional factor is the increasingly ubiquitous nature of phishing, which has led to an increase in contact between cyber criminals and the progressively diverse demographics of internet users. As the internet has become commonplace throughout much of the world, phishers have access to users across the globe who possess increasing heterogeneity of technical expertise, cultural understandings, and attitudes towards cybersecurity. Ultimately, human beings are the last line of defense in tackling phishing attacks and a better understanding of human factors is therefore key to advancing studies of phishing susceptibility and resilience (e.g., Kelley 2016 , Sample, 2015 ). Understanding human factors in phishing requires also understanding cultural and collective resilience. Recent global events, particularly the COVID-19 pandemic, have illustrated that certain incidents are capable of affecting the global population as a whole. Incidents such as war and pandemics, though tied to the physical world, illicit international attention and global solutions. Shostack and Dykstra suggest that evaluating responses to globally-significant incidents in the physical world, namely the COVID-19 pandemic, can offer insights into tackling similar issues with global reach in the digital realm (Dykstra 2023, (Shostack, 2024 ). Just as a globally-recognized understanding of human biology and virology was instrumental in organizational responses to the COVID-19 pandemic throughout the world, an increased understanding of how human beings identify, interpret, and react to cyber risks is instrumental in the fight against cybercrime. In a cross-national study, Camp et. al. tested phishing resilience with the goal of identifying commonalities between comparable nationalities, more specifically English-speaking, western, industrialized democracies (Camp 2021). Phishing in the wealthiest Anglophone nations, where phishing emails first developed in an attempt to compromise America Online accounts, is particularly common. This may be driven by the comparatively high population of internet users in English-speaking democracies and the hegemonic status of the English language on the internet (Chaudhry 2016, Sample 2015 ). In part because of the dominance of English and the corresponding economic incentives, phishing and spam in the COZ originated as exports (Krebs 2014 ). In this study, we examine participants from a similarly connected group of nations: Belarus, Bulgaria, the Russian Federation, and Ukraine. Although these nations are not western nor Anglophone, phishing attacks are characterized by similar set of stylistic components as in English-language phishing messages: curiosity, fear, and or empathy (Chaudhry 2016). The focus of this work is on phishing attacks targeting Russian language speakers. Kuznetsov outlines the nature of phishing e-mails targeted at Russian-speaking people, particularly those in the Russian Federation. He begins with the first large scale Cyrillic phishing attack in 2004, where Citi Bank clients received an e-mail requesting their banking credentials and PIN codes be re-entered in order to recover accounts after a “system technical error” (Zhuo 2022). Starostenko discusses the spread of phishing emails containing links to falsely advertised products (Starostenko 2020 ). He documents the prevalence and increase in phishing in COZ. Closer to this work, Yangaeva discusses the human factors affecting attack phishing success rates (Yangaeva 2021 ). He reified that the general indicators of phishing outlined by Alkhozae et al. (evaluating phishing characteristics out of the World Wide Web Consortium (W3C) standards to evaluate the security of the websites) are consistent with indicators of phishing discussed in Russian-language literature (Alkhozae 2011 , Deryugin 2019 , Kuznetsov 2007 , Starostenko 2020 ). In summary, previous research has shown that the design of phishing attacks targeting our participant demographics do not largely deviate from those employed in the Five Eyes. In this work, we evaluate the similarities and differences in resilience and the factors underlying resilience. III. EXPERIMENT DESIGN This study aims to evaluate the relationship between phishing resilience and those factors identified as being significant in the cyber health model of phishing resilience: demographics, computer knowledge and skills, computer security knowledge, website familiarity, risk tolerance, and risk perception. The participants in this study are native speakers of one or more Slavic, Cyrillic languages from Belarus, Bulgaria, Russia, and Ukraine. We tested their level of phishing resilience in a simulated environment and analyzed the cyber health factors proportionate to their respective levels of resilience. A. Choice of Countries The countries involved in this experiment were selected because of their unique literary history and linguistic proximity. Within the countries comprising the Cyrillic Orthographic Zone Russia, Ukraine, and Belarus host the largest number of websites, respectively. Bulgaria was included in this study as this nation is the birthplace of Cyrillic script and linguistic trends in this country are therefore significant to the international Cyrillic orthographic community as a whole. We excluded Serbia and Montenegro from this experiment as, despite the officiality of Cyrillic script, a large proportion of digital communications continue to be written in Latin script. This practice represents an orthographic deviation from our specific target population. For the purposes of data analysis, we compiled participants into three groups: 1. Russian group, 2. Bulgarian group, 3. Bilingual group. The latter represents participants from Belarus and Ukraine, territories where the Russian language is prevalent in professional, educational, and recreational settings, but is also spoken alongside other official languages (Belarussian and Ukrainian, respectively) which may or may not be the primary spoken language of a given participant. B. Simulated Environment This experiment was conducted in a simulated environment as to avoid exposing our participants to any real cyber risks. Participants were presented with both legitimate and illegitimate versions of websites written in their native tongues. Our dataset was created with screenshots of legitimate sites, the same screenshots with only the URL modified to present a high-quality phishing website. The phishing URLS were characterized by homoglyphs and/or short hamming distances. To provide controls to the participants we bitmapped the login variants and back button to make these parts of the site clickable. We instructed participants to click the login feature in any of its possible forms (вход, войти, регистрация) if the site appeared to be legitimate. When participants were presented with a site they deemed to be illegitimate, we asked them to click the back button, which is universally represented. We detail the procedure in the following section. C. Experiment Procedure In order to take part in the study, participants needed to be at least 18 years of age and nationals of one of Belarus, Bulgaria, the Russian Federation, or Ukraine, and a native speaker of Russian or Bulgarian. Initially, participants were presented with a study information sheet (SIS) and, after agreeing to participate in the study, we requested basic demographic information including an email address so as to track their responses throughout the experiment, as well as to ensure participants could participate in the study only once. Upon the collection of demographic information, participants proceeded to a BART (Balloon Analog Risk Task) experiment (Lejuez 2002). The BART was used to measure participants’ risk-taking behavior prior to recording any results from the simulated environment, instructions to which were provided upon completion of the BART test. In order to test participants’ comprehension and ensure they understood the procedures of the experimental task, we included a series of confirmation questions addressing the experiment controls, single attempt policy, and time penalty. Upon completing these comprehension questions the experimental task began and participants were presented with a series of ten websites in their native languages. Upon completion of the experimental phishing task, participants proceeded to a final survey, which collected information pertaining to website familiarity, security knowledge, computer expertise, and website risk assessment behavior. These questions are available in the appendix in an English translation. D. Recruitment This initial experiment was designed to include a payment for participants based on the time taken to complete the experiment. The practice of the research group is to provide a living wage rate of $ 15 an hour. The initial IRB approval occurred in February 2022. Immediately after the approval, sanctions were placed on Russia. Due to an inability to prove that no participants were Russian nationals, the university counsel required that the IRB be resubmitted with no payments. As a result all of our participants are volunteers recruited using emails and snowball sampling. IV. RESULTS Our results and analysis address the five research questions listed in Section I. The variables utilized to address our research questions are phishing, technical expertise (i.e., certificate, computer security, and general computing knowledge), website familiarity, risk assessment behaviors, and overall phishing resilience levels, respectively. We conduct statistical tests to identify differences between COZ group countries. We examine participants’ ability to recognize legitimate and illegitimate sites and analyze any significant differences between COZ group countries. In Section V we compare the COZ group results with those from a previous study conducted with participants from the Five Eyes (Camp, 2021). A. Cyber Model Comparison The overall results of this study generally support the fundamental assumption of the cyber health model in that we identified significant similarities in the populations. Recall R1: Can the cyber model used for measuring phishing resilience in the Five Eyes provide insight into resilience in the COZ? , as well R2: To what degree is phishing resilience similarity or different between the COZ countries and how do these levels compare to those of the Five Eyes? A detailed comparative analysis of the independent variables utilized in this study shows that behavioral factors remain relatively consistent across our two target socio-cultural groups. B. Differences in Phishing and Security Certificate Knowledge To address our third research question, Does computer security expertise, particularly knowledge and skills related to measures designed to prevent phishing, influence phishing resiliency in COZ countries? Is this different from previous results from the Five Eye countries? , we asked participants to respond to a series of questions designed to gauge their level of computer security expertise. This series of questions was presented as part of the post-experimental survey so that the questions posed would not bias the results of the primary experiment task. The first two questions address participants’ knowledge of phishing and security certificates (questions 1 and 2 in the appendix). These measures were previously developed for measures of technical expertise specifically for use in computer security research (Alkhozae 2011 ). Below each question we listed a series of multiple choice answers and asked participants to choose all possible correct responses. In order to account for partially correct responses, we calculated the final phishing and certificate knowledge score with the following formula: (#CorrectOptionsSelected + 1) /(#WrongOptionsSelected + 1). The same method was proposed in the development of a similar security expertise measure (Rajivan 2017), and was used in the Five Eyes study (Camp, 2021). The distribution shows that phishing and certificate knowledge is rather low across the COZ group. We conducted one-way ANOVA tests to see if the distributions for phishing and certificate knowledge were significantly different amongst the three divisions of the COZ group. The results show that levels of phishing (F-value: 1.38, p-value: 0.117) and certificate knowledge (F-value: 2.85, p-value: 0.071) were not significantly different amongst the COZ group. As a result of the lack of variability in the participants’ security and privacy expertise we can neither reject nor accept the hypothesis that expertise plays the same role in phishing resilience in the two compared socio-cultural groups. C. Differences in Security Knowledge and Computer Expertise The following three questions address participants’ knowledge of general computer security knowledge. Participants were awarded one point for each correctly answered security knowledge question. The final results show that participants from all regions of the COZ group received low computer security knowledge scores. The results of the one-way ANOVA test show that general security knowledge is not significantly different amongst the COZ group: F-value: 1.38, p-value: 0.263. The final set of questions address participants’ level of computer expertise. While the previous questions listed a set of multiple choice answers, the final seven questions of the post-experimental survey (questions 6–11 in the Appendix) were framed as a series of computer tasks, with an option to respond either “yes” or “no”. As described in previous related work, we calculated a score for computer expertise by tallying the sum of affirmative responses per participant. The results of the one-way ANOVA test show that the differences of computer expertise are significant amongst the COZ group: F-value: 3.35, p-value: 0.045. Following the one-way ANOVA test we conducted pair-wise t-tests, which showed that differences is computer expertise are significantly different between the Russian and Bulgarian groups (t:1.800, p-value: 0.05). The Russian group shows a higher mean (µ = 1.80) comparative to the Bulgarian group (µ = 0.40). Similarly, the bilingual group, consisting of participants from Belarus and Ukraine, shows a higher mean (µ = 2.00) in comparison to the Bulgarian group (µ = 0.40). D. Differences in Website Familiarity Participants were shown a series of ten websites during the principal experiment task. Within the post-experimental survey, we asked participants to report their level of familiarity with each of the websites shown. These questions are designed to gain insights into any relationships between website familiarity and phishing resilience and provide and answer to research question four: Does website familiarity in COZ countries affect one’s ability to identify illegitimate sites at the same rate as in Five Eye countries? To compare distributions of website familiarity among the COZ group, we conducted a one-way ANOVA test. The results of this test show that levels of website familiarity are not significantly different among the COZ group: (F-value: 1.35, p-value: 0.27). E. Differences in Risk Assessment Behavior Research question five was, does risk assessment behavior vary across COZ countries and between COZ and the Five Eyes? To answer this question, we presented participants with a variety of computer security indicators (https, lock icon, certificates, type of website, professional appearance, and privacy policy). We asked participants to indicate which of the listed indicators they use when determining whether or not to enter their username and password on a particular website. We conducted a Kruskal-Wallis test to measure the frequency of selected risk indicators amongst the COZ group. We found that differences in the risk indicators are significantly different amongst the COZ group (p-value 0.033). The results from our analysis show that, while the presence of HTTPS is the most frequently selected indicator of security amongst all divisions of the COZ group, this indicator was selected more frequently amongst the Russian and bilingual Belarussian, Ukrainian groups (74% and 80%, respectively). The Bulgarian group, however, indicated HTTPS as a security indicator at the rate of 50%. Additionally, our results show that the professional appearance of a website is more frequently considered an indicator of security within the bilingual Belarussian, Ukrainian division, where 60% of respondents selected this indicator versus 17% and 21% of respondents from the Bulgarian and Russian divisions, respectively. F. Differences in Phishing Resilience We define phishing resilience as the ability to accurately identify legitimate, safe websites, as well as unsafe, phishing websites. The principal task of this experiment consisted of presenting participants with five legitimate and five illegitimate (phishing) sites in a simulated environment. We asked participants to view each simulated site and click the login variant for those sites which seemed legitimate. For those sites which seemed illegitimate, we asked the participants to click the back button. We recorded these actions pertaining to all ten websites for each participant in the experiment in order to gauge the participants’ ability to accurately discern between phishing and legitimate websites. We calculated a resiliency score by computing the fraction of login actions over the total number of legitimate sites presented and the fraction of back actions over the total number of phished sites presented. Higher scores indicate a greater resiliency to phishing. In order to identify any differences in phishing resiliency across the COZ group, we conducted a one-way ANOVA test followed by pairwise t-tests. Our results show that phishing resiliency levels are not significantly different amongst the COZ group (F-value: 0.85, p-value: 0.43). The results from the pairwise t-tests are as follows: Russian division (µ = 6.7), Bulgarian division (µ = 6.2), and the bilingual Belarussian, Ukrainian division (µ = 6.4). V. DISCUSSION AND IMPLICATIONS Our primary goal in this study is to shed light upon the degree to which assumptions of cybersecurity decision-making are consistent across two culturally and linguistically different groups. We have replicated a study conducted in the Five Eyes, the intelligence sharing alliance of anglophone nations (Australia, Canada, New Zealand, United Kingdom, and the United States), with another historically, culturally, and linguistically close group of nations, which we refer to as part of the Cyrillic Orthographic Zone (Belarus, Bulgaria, Russia, and Ukraine). Recall the first research question was if the model used for measuring phishing resilience in the Five Eyes provides insight into resilience in the COZ? Our overall results suggest that models of economic and health behaviors can generally be applied to computer security though applying a cyber resilience model based in health designed specifically for the Five Eyes to the Cyrillic Orthographic Zone. Despite the many cultural and linguistic differences between our two human study groups, there are few occurrences where our data suggest the security decision making varies greatly between two groups of people pertaining to separate spheres of social and cultural influence when examining which factors impinge these decisions. Recall that the cyber health model focused on expertise and familiarity. While the overall resilience is quite different, we do not reject the cyber health model described by Camp et al. In measuring human resilience in the face of the global epidemiology of cyber attacks (Camp 2014). The following table compares the results of our statistical tests, analyzing the factors we used to measure phishing resilience among both groups: Five Eyes F-value p-value Phishing Knowledge 1.86 0.12 Certificate Knowledge 0.76 0.55 General Security Knowledge 1.34 0.26 Computer Expertise 2.90 0.02 Website Familiarity 0.57 0.68 COZ F-value p-value Phishing Knowledge 1.38 0.12 Certificate Knowledge 2.85 0.07 General Security Knowledge 1.38 0.26 Computer Expertise 3.35 0.04 Website Familiarity 1.68 0.20 The only difference in significant factors is certificate knowledge; there was not adequate variance in certificate knowledge in the COZ populations for this to be a straight-forward comparison. For all other factors, significance and insignificance were consistent. We expect to see correspondence within the responses from singular participants, i.e. a particular participant may be less accurate than another. We also expect to see correspondence within the responses of participants from the same region, i.e. a certain degree of consistency among all Bulgarian participants. The second research question of this study addresses the level of phishing resiliency of the COZ group as a whole. To what degree is phishing resilience similar or different between the COZ countries and how do these levels compare to those of the Five Eyes? We can compare these findings with those of the Five Eyes group. Overall, the high-level factors had the same significance or lack of significance. Phishing and certificate knowledge was not, in the aggregate, significant in either case nor was general security knowledge. In order to illustrate certain correlations amongst all COZ group participants, we organized a table of ANOVA test results to compare the final phishing resilience scores with the following variables: age, education level, phishing & certificate knowledge, general security knowledge, site familiarity, and the six security indicators listed in Section E of Part IV. The original study conducted within the Five Eyes countries shows that age, phishing knowledge, general security knowledge, site familiarity, and the lock icon impact participants’ ability to correctly identify legitimate websites. Additionally, age and computer expertise also impact the ability to correctly identify phishing websites among the Five Eyes group. The results from the COZ group show that, as within the Five Eyes group, both general security knowledge and attention to the lock icon significantly impacted participants’ ability to accurately identify legitimate websites. However, our results also show that none of the factors had a significant impact on participants’ ability to identify phishing sites. The following table outlines the factors impacting phishing resiliency within the COZ group: Five Eyes COZ F-value p-value F-value p-value Phishing Knowledge 1.86 0.12 1.38 0.12 Certificate Knowledge 0.76 0.55 2.85 0.07 General Security Knowledge 1.34 0.26 1.38 0.26 Computer Expertise 2.90 0.02 3.35 0.04 Website Familiarity 0.57 0.68 1.68 0.20 Phishing Resilience 2.90 0.03 0.85 0.43 After this further analysis of the cross-regional study results, we can address the specific research questions. RQ1: Results from this comparative study show that there is a degree of correlation between underlying factors of phishing resilience between the two target socio-cultural groups. Not all underlying factors of phishing resilience play the same role in the COZ as they do in the Five Eyes. However, there are significant general tendencies amongst the two groups that support the assumptions of a common cyber health model. RQ2: We saw that phishing resiliency levels are significantly different within the AFE group between the United Kingdom and Australia. Participants from those nations also had significant differences in expertise. Resiliency levels among the remaining countries in the Five Eyes group were not significantly different. Similarly, we did not find any significant difference between phishing resiliency levels amongst the COZ group, nor were there large differences in expertise. RQ3: Computer security expertise is uncommon amongst the general population in both the AFE and COZ groups. However, individuals with higher levels of expertise in general computer security from both the Five Eyes and COZ groups were more accurately able to identify legitimate websites. RQ4: We saw that participants’ familiarity with the sites presented in the simulated environment increased the chances of identifying legitimate sites in the Five Eyes group. However, site familiarity did not have a significant impact on the ability of participants from the COZ group to identify a legitimate site. RQ5: Regardless of socio-cultural background, participants show broadly similar risk assessment behaviors. Participants from both the Five Eyes and COZ groups specified that HTTPS and the presence of a lock icon are the most frequently identified indicators of site security. Furthermore, participants from both cultural groups who pay close attention to the lock icon show significantly higher accuracy in identifying legitimate websites. Phishing is a common form of cybercrime that occurs throughout the world. By repeating a risk perception and phishing resiliency test with a different cultural group, the present study offers insights into how internet users from different socio-cultural backgrounds interpret, interact with, and respond to a common threat. While the results were not identical among the two target populations, we find that the outcomes of these experiments could offer constructive contributions to practices incorporating health modeling to cybersecurity. Our results can inform research in security decision making, collective defense, and design of collective or individual phishing interventions. LIMITATIONS & FUTURE WORK As a result of the timing of this work, the researchers were unable to recruit and pay participants in the nations where we sought participants. This was noted in the preceding recruitment section. The impact of the conflict on risk perceptions also cannot be measured until the end of hostilities. Specifically, the study kept the use of Russian for Ukrainian participants. We cannot reject the possibility that attitudes towards Russian language websites influenced the results. A larger scale work after the resumption of normal peacetime trade may result in either more significant findings or fail to reify these results. The experimental harness and study dataset is available for reuse on GitHub: https://github.com/vaibhav201297/PhishUpwork Our research provides a test of the global applicability of both the cyber health model and the generalizability of the experimental platform developed by Kelley et al. For future work we seek collaborators to implement comparative studies in Sino-Tibetan, Turkic, Semitic, and other Indo-European linguistic groups. VII. CONCLUSION We conducted a comparative study with participants from Slavic countries within the Cyrillic Orthographic Zone. The study was designed to complement previous work in the field of cyber risk perception conducted in the intelligence-sharing alliance of Anglosphere nations known as the Five Eyes. We explored the degree to which the results from the COZ are correspond to those obtained in the original study among Five Eye countries. The ultimate goal of this comparison is to provide evidence for or against the application of a model of cybersecurity decision making based on public health. Human biology remains the same when combatting threats such as physical disease, is there consistency in the socio-cultural factors that impinge cyber resilience? Key findings from this comparative study are that risk assessment behaviors do not vary greatly amongst cultural groups. In particular, HTTPS and the presence of a lock icon represent the most significant factors in risk assessment, independent of one's nationality. One of the most intriguing findings is that while greater website familiarity has been found to correlate to an increased ability to identify a legitimate website amongst the Five Eyes group, the same tendency does not occur amongst the COZ participants. Some factors cannot be compared, possibly because of the differences in historical adoption. One important factor to note for global resilience is that computer security expertise is not common amongst the general population regardless of socio-cultural background. While we can reject the hypotheses that all underlying factors in phishing resilience in the Five Eyes have the same effect in the COZ, we cannot reject the overall hypothesis that a cyber health model could be applicable using a subset of indicators of resilience. Similarly, general trends in cyber risk assessment behaviors suggest more commonalities than differences amongst varying socio-cultural groups. Declarations AUTHOR CONTRIBUTIONS The following authors contributed equally to this work: Author 1, Author 2, Author 3, and Author 4. The following author jointly supervised this work: Author 5. Author contributions include: Author 1: conceptualization, data analysis, editing/review, methodology original draft. Author 3: conceptualization, data analysis, editing/review, original draft, participant recruitment, translations. Author 2: coding. Author 4: coding. Author 5: conceptualization, participant recruitment. ETHICS DECLARATIONS The authors of this work declare no conflicts of interest. Approval for all procedures conducted in this study was obtained by the Human Research Protection Program Indiana University Institutional Review Board (IRB#1707304414) on 29/11/2020. We confirm that all research was performed in accordance with relevant guidelines and regulations applicable when human subjects are involved specifically as defined by the Belmont Report in accordance with additional guidance U.S. Department of Health and Human services, Office for Human Research Protections (OHRP), and the US National Science Foundation. The datasets used to produce the results of this study are anonymized. Informed consent was obtained by all participants, who verified their age and agreement to participate in the study at the beginning of the initial demographic survey. Informed consent was obtained by participants between 1/4/2023 and 1/7/2023. References Alkhozae, Mona Ghotaish, and Omar Abdullah Batarfi. \"Phishing websites detection based on phishing characteristics in the webpage source code.\" International Journal of Information and Communication Technology Research 1.6 (2011). Camp, J., S. Das, J. Dev, M. Grobler, and D. Kim, “Cross-national study on phishing resilience,” In Proceedings of the Workshop on Usable Security and Privacy (USEC), 2021. Camp, L. Jean, et al. \"Measuring human resilience in the face of the global epidemiology of cyber attacks.\" Proceedings of the 52nd Hawaii International Conference on System Sciences . 2019. Camp, L. Jean, et al. \"Measuring human resilience in the face of the global epidemiology of cyber attacks.\" (2019). Chaudhry, Junaid Ahsenali, Shafique Ahmad Chaudhry, and Robert G. Rittenhouse. \"Phishing attacks and defenses.\" International Journal of Security and Its Applications 10.1 (2016): 247-256. C. W. Choo, “Information culture and organizational effectiveness,” International Journal of Information Management, vol. 33, no. 5, pp. 775–779, 2013. L. Cranor, J. Downs, and M. Holbrook, “Decision Strategies and Susceptibility to Phishing”, Proceedings of the second symposium on Usable privacy and security, 2006. Das, Sanchari, et al. \"All about phishing: Exploring user research through a systematic literature review.\" arXiv preprint arXiv:1908.05897 (2019). Desolda, Giuseppe, et al. \"Human factors in phishing attacks: a systematic literature review.\" ACM Computing Surveys (CSUR)54.8 (2021): 1-35. Dykstra, Josiah, et al. \"Position Paper: Evaluating Analogies and Applying Public Health Models for Cybersecurity.\" Proceedings of the 2024 Workshop on Cybersecurity in Healthcare . 2023. Egelman, Serge, Lorrie Faith Cranor, and Jason Hong. \"You've been warned: an empirical study of the effectiveness of web browser phishing warnings.\" Proceedings of the SIGCHI Conference on Human Factors in Computing Systems . 2008. Ermakova, L. “Spam and phishing detection in various languages,” International Journal “Information Technologies and Knowledge”, Vol. 4, Number 3, 2010. Flores, Waldo Rocha, et al. \"Investigating personal determinants of phishing and the effect of national culture.\" Information & Computer Security (2015). Garg, Vaibhav, Thomas Koster, and Linda Jean Camp. \"Cross-country analysis of spambots.\" EURASIP Journal on Information Security 2013 (2013): 1-13. T. Kelley and B. I. Bertenthal, “Attention and past behavior, not security knowledge, modulate users’ decisions to login to insecure websites,” Information & Computer Security , 2016. Krebs, B., 2014. Spam nation: The inside story of organized cybercrime-from global epidemic to your front door. Sourcebooks, Inc. C. W. Lejuez, J. P. Read, C. W. Kahler, J. B. Richards, S. E. Ramsey, G. L. Stuart, D. R. Strong, and R. A. Brown, “Evaluation of a behavioral measure of risk taking: the balloon analogue risk task (bart).” Journal of Experimental Psychology: Applied , vol. 8, no. 2, p. 75, 2002. S. Purkait, “Phishing counter measures and their effectiveness – literature review”, Information Management & Computer Security, Volume 20 Issue 5, 2012. Rajivan, Prashanth, et al. “Factors in an end user security expertise instrument”, Information & Computer Security , 2017. Rajivan, Prashanth, et al. \"What Can Johnny Do?–Factors in an End-User Expertise Instrument.\" HAISA . 2016. Sample, C. “Culture and cyber behaviors: DNS defending,” Journal of Information Warfare Vol. 14, No. 4, 2015. Sheng, Steve, et al. \"Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions.\" Proceedings of the SIGCHI conference on human factors in computing systems . 2010. Shostack, Adam, and Josiah Dykstra. \"Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19.\" arXiv preprint arXiv:2408.08417 (2024). Wolk, R. The effects of English language dominance of the internet and the digital divide. 2004 International Symposium on Technology and Society (IEEE Cat. No. 04CH37548). IEEE, 2004. Zhuo, Sijie, et al. \"SoK: Human-Centered Phishing Susceptibility.\" arXiv preprint arXiv:2202.07905 (2022). Deryugin, Roman Aleksandrovich. “Kiberprestupnost’ v Rossii: sovremennoe sostoyanie i aktual’nye problemy.” Vestnik ural’skogo yuridicheskogo instituta MVD Rossii 2 (2019): 46-49. Kuznetsov, Maksim Valer’evich. Sotsial’naya injeneriya i sotsial’nye hakery. BHV-Petersburg, 2007. Starostenko, Oleg Aleksandrovich. \"Priroda i sposoby soversheniya moshennichestva s ispol’zovaniem informatsionno-telekommunikatsionnyh tehnologij.” Vestnik Udmurtskogo universiteta Seriya “Ekonomika i pravo” 30.4 (2020): 576-582. Yangaeva, Mariya Olegnova. \"Sotsial’naya injeneriya kak sposob soversheniya kiberprestuplenij.\" Vestnik Siberskogo yuridicheskogo instituta MVD Rossii 1 (42) (2021): 133-138. Additional Declarations No competing interests reported. Supplementary Files Appendix.docx Cite Share Download PDF Status: Under Review Version 1 posted Reviewers agreed at journal 30 Jan, 2026 Reviews received at journal 28 Jan, 2026 Reviewers agreed at journal 22 Dec, 2025 Reviewers agreed at journal 16 Dec, 2025 Reviewers invited by journal 11 Sep, 2025 Editor invited by journal 05 Sep, 2025 Editor assigned by journal 08 Jun, 2025 Submission checks completed at journal 03 Jun, 2025 First submitted to journal 20 May, 2025 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {\"props\":{\"pageProps\":{\"initialData\":{\"identity\":\"rs-6706255\",\"acceptedTermsAndConditions\":true,\"allowDirectSubmit\":false,\"archivedVersions\":[],\"articleType\":\"Article\",\"associatedPublications\":[],\"authors\":[{\"id\":514574156,\"identity\":\"b5ea4921-548b-46ad-9cc3-a371f07b7697\",\"order_by\":0,\"name\":\"William Smeal\",\"email\":\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAm0lEQVRIiWNgGAWjYNCCAhseECVBghaDNNK1HGYgXovB+dOJD34YnJcxOMB88DYPUVpu5G427DG4zWNwgC3ZmigtZjd4t0nwgLXwmEkTp+X82e0//xicA2rh/0aklgO525hBVgARG3Fa7IF+kZYxSOaRPMxmbDmHGC2S/Wc3fnxTYWfPd7z54Y03xGhBAGbSlI+CUTAKRsEowAcA4BcuMH6/sLkAAAAASUVORK5CYII=\",\"orcid\":\"\",\"institution\":\"Indiana University Bloomington\",\"correspondingAuthor\":true,\"prefix\":\"\",\"firstName\":\"William\",\"middleName\":\"\",\"lastName\":\"Smeal\",\"suffix\":\"\"},{\"id\":514574157,\"identity\":\"92462ede-57ff-483d-b18b-f5ecaac42873\",\"order_by\":1,\"name\":\"L. Jean Camp\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"Indiana University Bloomington\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"L.\",\"middleName\":\"Jean\",\"lastName\":\"Camp\",\"suffix\":\"\"},{\"id\":514574159,\"identity\":\"0d9555b7-b6ac-48f0-a7f8-3122b6f093f5\",\"order_by\":2,\"name\":\"Yash Kumar\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"Indiana University Bloomington\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"Yash\",\"middleName\":\"\",\"lastName\":\"Kumar\",\"suffix\":\"\"},{\"id\":514574160,\"identity\":\"dfe5720e-6631-4b24-9bb6-6014522ab54a\",\"order_by\":3,\"name\":\"Vaibhav Vishwanath\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"Indiana University Bloomington\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"Vaibhav\",\"middleName\":\"\",\"lastName\":\"Vishwanath\",\"suffix\":\"\"},{\"id\":514574161,\"identity\":\"39f51437-1e3e-4077-a264-a9c43bc694b0\",\"order_by\":4,\"name\":\"Mihai Mihai Paunescu\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"National School of Political Science and Public Administration\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"Mihai\",\"middleName\":\"Mihai\",\"lastName\":\"Paunescu\",\"suffix\":\"\"}],\"badges\":[],\"createdAt\":\"2025-05-20 09:38:55\",\"currentVersionCode\":1,\"declarations\":\"\",\"doi\":\"10.21203/rs.3.rs-6706255/v1\",\"doiUrl\":\"https://doi.org/10.21203/rs.3.rs-6706255/v1\",\"draftVersion\":[],\"editorialEvents\":[],\"editorialNote\":\"\",\"failedWorkflow\":false,\"files\":[{\"id\":91818646,\"identity\":\"37efc343-9498-4af7-84e4-7cb0ce9fc73d\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:58\",\"extension\":\"svg\",\"order_by\":0,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":17620,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"CertificateKnowledgefig3.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/2cb76f314f65391dbe15ec61.svg\"},{\"id\":91818666,\"identity\":\"3743eec1-0b7c-4286-8397-f2e5c884722d\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:02\",\"extension\":\"docx\",\"order_by\":1,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":73659,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"CyrillicPhishPaperNatureSubmission1.docx\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/ebc67d510dfab77578b818ca.docx\"},{\"id\":91818739,\"identity\":\"71a244c1-8027-4e02-ad0b-78b80ede0111\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:08\",\"extension\":\"svg\",\"order_by\":2,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":15594,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"Flowchartfig2.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/95a84e49d1464c92995c0073.svg\"},{\"id\":91818574,\"identity\":\"93e111ee-6089-4733-b9cb-59cb766a0598\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:47\",\"extension\":\"svg\",\"order_by\":3,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":15465,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"GeneralSecurityKnowledgefig5.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/2b450b302f3f2a251922c3f3.svg\"},{\"id\":91818840,\"identity\":\"ec3bf5dc-e306-44db-9ba1-7ac4ca1369c9\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:22\",\"extension\":\"svg\",\"order_by\":4,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":16405,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"PhishingKnowledgefig4.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/8636bfbc4572314de83ecc66.svg\"},{\"id\":91818883,\"identity\":\"68172c53-b4a6-449a-a76b-6551eb6e8bce\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:31\",\"extension\":\"svg\",\"order_by\":5,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":16621,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"PhishingResiliencyfig8.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/4837a9585f3c11f9a16f98e0.svg\"},{\"id\":91818728,\"identity\":\"a55e4d69-eb6e-4755-ab07-2206451d7689\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:07\",\"extension\":\"svg\",\"order_by\":6,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":12412,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"RiskAssessmentfig7.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/f187123b30e74cc8d479975c.svg\"},{\"id\":91818891,\"identity\":\"d07203f3-96e2-408a-95ee-60b1b300e5dc\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:32\",\"extension\":\"svg\",\"order_by\":7,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":51399,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"SiteInstructionsfig1.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/b2104df0166ce6659d64fa2f.svg\"},{\"id\":91819007,\"identity\":\"8c0c70b5-4434-42eb-9b32-a7f9ce563fb4\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:49\",\"extension\":\"svg\",\"order_by\":8,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":18300,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"WebsiteFamiliarityfig6.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/86ba69ed7831528417c73b15.svg\"},{\"id\":91818885,\"identity\":\"70a46b6f-f1b5-4d34-bc6c-8cac4062276f\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:32\",\"extension\":\"json\",\"order_by\":9,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":6556,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"3dbe84a8c43f4dd5be70fe3006bfff00.json\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/e57eb9826c57a20640fecf5e.json\"},{\"id\":91818619,\"identity\":\"5ae32d7c-fc6c-4bee-9cb6-774517d35856\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:52\",\"extension\":\"docx\",\"order_by\":10,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":16588,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"Appendix.docx\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/67b0ec116a9f408b4f6f7371.docx\"},{\"id\":91818746,\"identity\":\"5180875d-8e5e-4f24-bbb3-b42e90557e55\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:10\",\"extension\":\"xml\",\"order_by\":11,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":86601,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"3dbe84a8c43f4dd5be70fe3006bfff001enriched.xml\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/a53986ebec2cab5cd3fde86d.xml\"},{\"id\":91818718,\"identity\":\"767558af-dd4c-4679-8a59-1f9dff576966\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:06\",\"extension\":\"svg\",\"order_by\":12,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":17620,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"CertificateKnowledgefig3.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/dd418ae64666c256d3badea8.svg\"},{\"id\":91819010,\"identity\":\"94e3cefd-95c6-4fcd-9e40-39a4b5eecfab\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:50\",\"extension\":\"svg\",\"order_by\":13,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":15594,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"Flowchartfig2.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/fd31a75048a0f6f0940fc654.svg\"},{\"id\":91818756,\"identity\":\"98ab2b8a-eef9-40f9-a842-751f867c6af5\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:12\",\"extension\":\"svg\",\"order_by\":14,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":15465,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"GeneralSecurityKnowledgefig5.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/03e20d874ade50c3c6c5bd22.svg\"},{\"id\":91818651,\"identity\":\"5896c839-091b-41dc-bd12-5899ace7a4a5\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:00\",\"extension\":\"svg\",\"order_by\":15,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":16405,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"PhishingKnowledgefig4.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/3e2e12650240d04e515828e2.svg\"},{\"id\":91818893,\"identity\":\"b7d81b22-ee83-4287-8eb7-7cb2cace9d50\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:33\",\"extension\":\"svg\",\"order_by\":16,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":16621,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"PhishingResiliencyfig8.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/9b52e6c3c32b960e749cdf37.svg\"},{\"id\":91818837,\"identity\":\"89f7bb74-40e4-4fad-86bf-47d12b745795\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:21\",\"extension\":\"svg\",\"order_by\":17,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":12412,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"RiskAssessmentfig7.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/6131429bbfd3bea681f96215.svg\"},{\"id\":91818854,\"identity\":\"60c50f33-f8d7-4875-9d22-ef1845298cfd\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:26\",\"extension\":\"svg\",\"order_by\":18,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":51399,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"SiteInstructionsfig1.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/903126424ca1230aed7dad42.svg\"},{\"id\":91818935,\"identity\":\"5bef34c4-ad25-4753-b598-cf911b096b30\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:40\",\"extension\":\"svg\",\"order_by\":19,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":18300,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"WebsiteFamiliarityfig6.svg\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/d508ecaabb24d4f05d22c80a.svg\"},{\"id\":91818842,\"identity\":\"6509eb84-6405-408c-bfda-a559edfa54db\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:24\",\"extension\":\"png\",\"order_by\":20,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":19088,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineCertificateKnowledgefig3.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/82f0364828d001d532039728.png\"},{\"id\":91818617,\"identity\":\"db9eb81b-aab2-4fd3-afdb-e16234fafd5f\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:51\",\"extension\":\"png\",\"order_by\":21,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":5072,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineFlowchartfig2.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/6db711d6057210930bb9bda3.png\"},{\"id\":91818751,\"identity\":\"762715aa-17b6-4f7c-84e9-1c7133441547\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:12\",\"extension\":\"png\",\"order_by\":22,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":23395,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineGeneralSecurityKnowledgefig5.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/ebb191e956a587a7ca357002.png\"},{\"id\":91818753,\"identity\":\"03ee331b-cf7d-4857-b067-ce4ebf8f4e09\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:12\",\"extension\":\"png\",\"order_by\":23,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":18496,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlinePhishingKnowledgefig4.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/24ee2d06cf6a39187cb25195.png\"},{\"id\":91818735,\"identity\":\"7eff72d0-eee1-4068-851b-57d699837570\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:08\",\"extension\":\"png\",\"order_by\":24,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":19341,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlinePhishingResiliencyfig8.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/b28c7f1c7e7294fe09c444fc.png\"},{\"id\":91818986,\"identity\":\"8db54c95-c72c-4bc6-90c7-a60b110ba6a2\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:49\",\"extension\":\"png\",\"order_by\":25,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":34547,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineRiskAssessmentfig7.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/e700e4808999ffe1259a1d83.png\"},{\"id\":91818633,\"identity\":\"050d96f0-7882-4e01-94f1-b35d4a83eebc\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:56\",\"extension\":\"png\",\"order_by\":26,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":22650,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineSiteInstructionsfig1.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/a4453c8dd76987df61fd513a.png\"},{\"id\":91818851,\"identity\":\"42936d31-cab8-4af8-88f1-6873635f138d\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:26\",\"extension\":\"png\",\"order_by\":27,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":18245,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"OnlineWebsiteFamiliarityfig6.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/6c1faff8080388b96308648e.png\"},{\"id\":91818655,\"identity\":\"7f140f14-9c4c-46f6-a7f8-3eb8b36083e2\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:01\",\"extension\":\"xml\",\"order_by\":28,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":80571,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"3dbe84a8c43f4dd5be70fe3006bfff001structuring.xml\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/3ed29741a5220f57bda95983.xml\"},{\"id\":91818714,\"identity\":\"fdaf23e6-87d2-4ddd-a63c-943f0760bfd5\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:05\",\"extension\":\"html\",\"order_by\":29,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"acdc-reference\",\"size\":94005,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"earlyproof.html\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/9fa2e985e9fd65a230cbe846.html\"},{\"id\":91818807,\"identity\":\"7e028283-d585-4a3c-a385-58e58bfd1513\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:13\",\"extension\":\"png\",\"order_by\":1,\"title\":\"Figure 1\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":154871,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eScreenshots of the instructions pages of the Anglophone Five Eyes experiment (left) and the COZ experiment (right).\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"SiteInstructionsfig1.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/4e2b70dcd950e4fde7254e94.png\"},{\"id\":91818865,\"identity\":\"99235995-65ee-4739-a15f-155808845fa5\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:29\",\"extension\":\"png\",\"order_by\":2,\"title\":\"Figure 2\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":31038,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eFlow chart illustrating the steps of the experiment procedure.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"Flowchartfig2.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/dee535cbf9121e32af46ff0d.png\"},{\"id\":91819124,\"identity\":\"76e85b57-9728-4737-ac81-8056f1331a64\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:52\",\"extension\":\"png\",\"order_by\":3,\"title\":\"Figure 3\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":73403,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBoxplot showing the distribution of certificate knowledge.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"CertificateKnowledgefig3.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/24fe9225545d66fde75b69e4.png\"},{\"id\":91818569,\"identity\":\"a534cd75-5028-4d8e-87db-7a8df9981c8b\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:44\",\"extension\":\"png\",\"order_by\":4,\"title\":\"Figure 4\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":76089,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBoxplot showing the distribution of phishing knowledge.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"PhishingKnowledgefig4.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/4a8c917518c53a09882838ac.png\"},{\"id\":91818863,\"identity\":\"75d100c5-33f4-4637-bc9e-98ae102be8fa\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:28\",\"extension\":\"png\",\"order_by\":5,\"title\":\"Figure 5\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":117111,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBoxplot illustrating the distribution of general security knowledge\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"GeneralSecurityKnowledgefig5.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/50b31cd09aec0ccfb65ef985.png\"},{\"id\":91819123,\"identity\":\"cf62e915-e789-477c-bc54-5d743c2edf2e\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:52\",\"extension\":\"png\",\"order_by\":6,\"title\":\"Figure 6\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":76177,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBox plot illustrating the distribution of website familiarity.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"WebsiteFamiliarityfig6.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/c62121ff04170fecbca38311.png\"},{\"id\":91818635,\"identity\":\"fe1a79df-0c97-42f1-a490-642e6931df4f\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:04:56\",\"extension\":\"png\",\"order_by\":7,\"title\":\"Figure 7\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":145377,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eCount plot showing the distribution of indicators participants use when determining if a website is legitimate.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"RiskAssessmentfig7.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/e8cb93bdaeec5c03aae0a0ce.png\"},{\"id\":91818936,\"identity\":\"98de0970-b61e-40ad-85e2-4778c7c28e6d\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:40\",\"extension\":\"png\",\"order_by\":8,\"title\":\"Figure 8\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":78655,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eBoxplot illustrating the distribution of phishing resiliency scores.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"PhishingResiliencyfig8.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/8d51580b6a6105127f0006b5.png\"},{\"id\":91818844,\"identity\":\"d4d189bb-75a3-4528-a4b4-7a28ebb79de8\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:24\",\"extension\":\"png\",\"order_by\":9,\"title\":\"Figure 9\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":4493,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eTable showing a comparison of statistical results between two different socio-cultural groups: the Five Eyes (top) and the COZ (bottom).\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"9.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/3f823fd344c777ab87397d17.png\"},{\"id\":91818862,\"identity\":\"9c2a2789-2fd4-4608-ae8f-5ed8b974c0cd\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:28\",\"extension\":\"png\",\"order_by\":10,\"title\":\"Figure 10\",\"display\":\"\",\"copyAsset\":false,\"role\":\"figure\",\"size\":4493,\"visible\":true,\"origin\":\"\",\"legend\":\"\\u003cp\\u003eTable showing the significance of factors impacting phishing resiliency within the COZ. The similar factors are in bold, those that differ are italicized.\\u003c/p\\u003e\",\"description\":\"\",\"filename\":\"10.png\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/13cbe1f206d660c13965cbc3.png\"},{\"id\":91819497,\"identity\":\"b41956f2-4f42-4dc9-85da-bcb27fa5e8ff\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:06:56\",\"extension\":\"pdf\",\"order_by\":0,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"manuscript-pdf\",\"size\":1146950,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"manuscript.pdf\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/856f2280-6220-42ec-ad0c-b9cb12c83c1d.pdf\"},{\"id\":91818887,\"identity\":\"5e5eb110-88c2-48ea-b68d-89c85915b65a\",\"added_by\":\"auto\",\"created_at\":\"2025-09-22 07:05:32\",\"extension\":\"docx\",\"order_by\":0,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"supplement\",\"size\":16588,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"Appendix.docx\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-6706255/v1/4f30f823e6fda488c19cb928.docx\"}],\"financialInterests\":\"No competing interests reported.\",\"formattedTitle\":\"Phishing resiliency across socio-cultural Spheres: Cyrillic Orthographic Zone versus The Five Eyes\",\"fulltext\":[{\"header\":\"I. Introduction\",\"content\":\"\\u003cp\\u003ePhishing is a common form of cybercrime characterized by deception in order to obtain victims\\u0026rsquo; personal private information such as a Social Security number or banking credentials. Most commonly, phishing attacks take on the form of an email written in such a fashion as to convince the recipient that the sender is trustworthy. Unsuspecting victims of email phishing attacks are typically deceived into performing an action that can provide the attacker with sensitive information, such as opening an embedded link. Phishing emails may also present victims with a deceptive message containing a link to a seemingly legitimate domain name, which, in reality, is controlled by a criminal.\\u003c/p\\u003e\\n\\u003cp\\u003ePhishing is so ubiquitous that there is a $5B global cyber security training market focused solely on teaching individuals how to identify potential phishing attempts. Despite this training and additional technical preventative measures, a large proportion of internet users across the world are still susceptible to phishing attacks (https://dl.acm.org/doi/abs/10.1145/3469886). Our study evaluates phishing resiliency across several countries within the Cyrillic Orthographic Zone (COZ): Belarus, Bulgaria, Russia, and Ukraine, and compares these results with a similar study conducted with participants from the Five Eyes, the Anglophone intelligence alliance consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. The countries we have chosen share a common linguistic and literary history, representing nations in which the use of Cyrillic script is not only most prominent in cyberspace, but also culturally significant.\\u0026nbsp;\\u003c/p\\u003e\\n\\u003cp\\u003eIn our comparative cross-national phishing resilience study, we seek to address the following research questions. Together these research question address the applicability of a cyber health model to phishing.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ1) Can the cyber model used for measuring phishing resilience in the Five Eyes provide insight into resilience in the COZ?\\u0026nbsp;\\u003c/p\\u003e\\n\\u003cp\\u003eRQ2) To what degree is phishing resilience similar or different between the COZ countries; and how do these countries\\u0026rsquo; results compare to those of the Five Eyes?\\u0026nbsp;\\u003c/p\\u003e\\n\\u003cp\\u003eRQ3) Does computer security expertise, particularly knowledge and skills related to measures designed to prevent phishing, influence phishing resiliency in COZ countries? Is this different from previous results from the Five Eyes countries? If so, what are the differences?\\u003c/p\\u003e\\n\\u003cp\\u003eRQ4) Does website familiarity in COZ countries affect participant ability to identify illegitimate sites? Is this the same as in the Five Eyes countries?\\u003c/p\\u003e\\n\\u003cp\\u003eRQ5) Does risk assessment behavior vary between COZ countries and to what degree to these behavioral trends compare with countries in the Five Eyes?\\u003c/p\\u003e\\n\\u003cp\\u003eFor the purposes of this study, we define phishing resilience as having two components: correctly identifying legitimate websites and correctly distinguishing phishing websites from legitimate sites. \\u0026nbsp;As with many experiments, participants were asked to correctly identify an illegitimate site, where the domain name resembles the imitations cyber criminals typically employ when designing their attacks. Additionally, to measure resilience as opposed to vulnerability, we define phishing resilience as including the ability to correctly identify a legitimate site, where no deceptive changes have been made. Our work has two principle goals. Firstly, we identify not only the similarities and differences in resiliency but also the degree to which, if any, factors which have been shown to impinge resilience in previous research apply to participants from the COZ. Secondly, we identify commonalities and differences between the two populations in terms of socio-cultural traits.\\u003c/p\\u003e\\n\\u003cp\\u003eOur specific findings have expanded the scope of the existing body of literature regarding anti-phishing theory, phishing awareness, and phishing resilience. Beyond the specified research questions, our findings inform the following two open questions. Is a cyber health model appropriate for increasing resilience to phishing? If a cyber health model is appropriate, then arguably the same underlying factors useful in identifying high-risk populations for targeted interventions would apply across different orthographic zones. \\u0026nbsp;So our research also informs the question, \\u0026ldquo;would global or region-specific approaches be more effective in reducing the risk of insecurity brought about by successful phishing attacks?\\u0026rdquo;. To inform these questions we begin with a brief overview of previous research on phishing with a focus on populations within the COZ. Section III outlines the methodology utilized to carry out this cross-national study; referring back to related work to identify the theoretical basis for our choices of factors. Section IV and V detail the results of the statistical tests and offer a comparison to the results of a 2021 study (Camp 2021) (which addressed phishing resiliency in the Five Eyes). We then offer a general conclusion in Section VI. We close with a summary and the results, conclude with limited support for the cyber health model for phishing resilience.\\u0026nbsp;\\u003c/p\\u003e\"},{\"header\":\"II. RELATED WORK\",\"content\":\"\\u003cp\\u003ePhishing is a cybercrime in which illegitimate websites are designed to fool internet users in order to collect users' credentials, personal information, and access to their machines or accounts. Phishing websites are typically designed to resemble legitimate, trustworthy sites. Successful phishing sites create the illusion of security through increasingly sophisticated practices. For example, some phishing attacks involve spoofing a user\\u0026rsquo;s web browser to subvert security warnings and information in URL addresses (Desolda 2021).\\u003c/p\\u003e\\u003cp\\u003eCybersecurity attacks take on three principal natures: physical, syntactic, and semantic. While physical and syntactic attacks target physical computer network infrastructure and software respectively, semantic attacks are based on human interaction with the internet (Choo \\u003cspan citationid=\\\"CR6\\\" class=\\\"CitationRef\\\"\\u003e2013\\u003c/span\\u003e). Phishing attacks are categorized as semantic cybersecurity incidents. Traditionally, cyber criminals have targeted internet users in the English-speaking world (Rajivan 2017). However, phishers have expanded the scope of their attacks to include individual users and companies around the globe, sometimes even carefully crafting their messages for specific linguistic audiences. For example, Ermakova finds that phishing attempts through spam sent to Francophone users are more carefully designed than similar scams sent to Anglophone users. The intricacies of the French verbal system are often employed by phishers in French language spam for semantic purposes to legitimize their offers with correspondences in accordance with standard business French registers (Ermakova \\u003cspan citationid=\\\"CR12\\\" class=\\\"CitationRef\\\"\\u003e2010\\u003c/span\\u003e).\\u003c/p\\u003e\\u003cp\\u003eOne factor influencing ongoing phishing susceptibility is the increasingly elaborate nature of attacks, even as more preventative measures are regularly introduced. An additional factor is the increasingly ubiquitous nature of phishing, which has led to an increase in contact between cyber criminals and the progressively diverse demographics of internet users. As the internet has become commonplace throughout much of the world, phishers have access to users across the globe who possess increasing heterogeneity of technical expertise, cultural understandings, and attitudes towards cybersecurity. Ultimately, human beings are the last line of defense in tackling phishing attacks and a better understanding of human factors is therefore key to advancing studies of phishing susceptibility and resilience (e.g., Kelley \\u003cspan citationid=\\\"CR15\\\" class=\\\"CitationRef\\\"\\u003e2016\\u003c/span\\u003e, Sample, \\u003cspan citationid=\\\"CR21\\\" class=\\\"CitationRef\\\"\\u003e2015\\u003c/span\\u003e). Understanding human factors in phishing requires also understanding cultural and collective resilience.\\u003c/p\\u003e\\u003cp\\u003eRecent global events, particularly the COVID-19 pandemic, have illustrated that certain incidents are capable of affecting the global population as a whole. Incidents such as war and pandemics, though tied to the physical world, illicit international attention and global solutions. Shostack and Dykstra suggest that evaluating responses to globally-significant incidents in the physical world, namely the COVID-19 pandemic, can offer insights into tackling similar issues with global reach in the digital realm (Dykstra 2023, (Shostack, \\u003cspan citationid=\\\"CR23\\\" class=\\\"CitationRef\\\"\\u003e2024\\u003c/span\\u003e). Just as a globally-recognized understanding of human biology and virology was instrumental in organizational responses to the COVID-19 pandemic throughout the world, an increased understanding of how human beings identify, interpret, and react to cyber risks is instrumental in the fight against cybercrime.\\u003c/p\\u003e\\u003cp\\u003eIn a cross-national study, Camp et. al. tested phishing resilience with the goal of identifying commonalities between comparable nationalities, more specifically English-speaking, western, industrialized democracies (Camp 2021). Phishing in the wealthiest Anglophone nations, where phishing emails first developed in an attempt to compromise America Online accounts, is particularly common. This may be driven by the comparatively high population of internet users in English-speaking democracies and the hegemonic status of the English language on the internet (Chaudhry 2016, Sample \\u003cspan citationid=\\\"CR21\\\" class=\\\"CitationRef\\\"\\u003e2015\\u003c/span\\u003e). In part because of the dominance of English and the corresponding economic incentives, phishing and spam in the COZ originated as exports (Krebs \\u003cspan citationid=\\\"CR16\\\" class=\\\"CitationRef\\\"\\u003e2014\\u003c/span\\u003e).\\u003c/p\\u003e\\u003cp\\u003eIn this study, we examine participants from a similarly connected group of nations: Belarus, Bulgaria, the Russian Federation, and Ukraine. Although these nations are not western nor Anglophone, phishing attacks are characterized by similar set of stylistic components as in English-language phishing messages: curiosity, fear, and or empathy (Chaudhry 2016). The focus of this work is on phishing attacks targeting Russian language speakers. Kuznetsov outlines the nature of phishing e-mails targeted at Russian-speaking people, particularly those in the Russian Federation. He begins with the first large scale Cyrillic phishing attack in 2004, where Citi Bank clients received an e-mail requesting their banking credentials and PIN codes be re-entered in order to recover accounts after a \\u0026ldquo;system technical error\\u0026rdquo; (Zhuo 2022). Starostenko discusses the spread of phishing emails containing links to falsely advertised products (Starostenko \\u003cspan citationid=\\\"CR28\\\" class=\\\"CitationRef\\\"\\u003e2020\\u003c/span\\u003e). He documents the prevalence and increase in phishing in COZ.\\u003c/p\\u003e\\u003cp\\u003eCloser to this work, Yangaeva discusses the human factors affecting attack phishing success rates (Yangaeva \\u003cspan citationid=\\\"CR29\\\" class=\\\"CitationRef\\\"\\u003e2021\\u003c/span\\u003e). He reified that the general indicators of phishing outlined by Alkhozae et al. (evaluating phishing characteristics out of the World Wide Web Consortium (W3C) standards to evaluate the security of the websites) are consistent with indicators of phishing discussed in Russian-language literature (Alkhozae \\u003cspan citationid=\\\"CR1\\\" class=\\\"CitationRef\\\"\\u003e2011\\u003c/span\\u003e, Deryugin \\u003cspan citationid=\\\"CR26\\\" class=\\\"CitationRef\\\"\\u003e2019\\u003c/span\\u003e, Kuznetsov \\u003cspan citationid=\\\"CR27\\\" class=\\\"CitationRef\\\"\\u003e2007\\u003c/span\\u003e, Starostenko \\u003cspan citationid=\\\"CR28\\\" class=\\\"CitationRef\\\"\\u003e2020\\u003c/span\\u003e).\\u003c/p\\u003e\\u003cp\\u003eIn summary, previous research has shown that the design of phishing attacks targeting our participant demographics do not largely deviate from those employed in the Five Eyes. In this work, we evaluate the similarities and differences in resilience and the factors underlying resilience.\\u003c/p\\u003e\"},{\"header\":\"III. EXPERIMENT DESIGN\",\"content\":\"\\u003cp\\u003eThis study aims to evaluate the relationship between phishing resilience and those factors identified as being significant in the cyber health model of phishing resilience: demographics, computer knowledge and skills, computer security knowledge, website familiarity, risk tolerance, and risk perception. The participants in this study are native speakers of one or more Slavic, Cyrillic languages from Belarus, Bulgaria, Russia, and Ukraine. We tested their level of phishing resilience in a simulated environment and analyzed the cyber health factors proportionate to their respective levels of resilience.\\u003c/p\\u003e\\u003cp\\u003eA. \\u003cem\\u003eChoice of Countries\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eThe countries involved in this experiment were selected because of their unique literary history and linguistic proximity. Within the countries comprising the Cyrillic Orthographic Zone Russia, Ukraine, and Belarus host the largest number of websites, respectively. Bulgaria was included in this study as this nation is the birthplace of Cyrillic script and linguistic trends in this country are therefore significant to the international Cyrillic orthographic community as a whole. We excluded Serbia and Montenegro from this experiment as, despite the officiality of Cyrillic script, a large proportion of digital communications continue to be written in Latin script. This practice represents an orthographic deviation from our specific target population. For the purposes of data analysis, we compiled participants into three groups: 1. Russian group, 2. Bulgarian group, 3. Bilingual group. The latter represents participants from Belarus and Ukraine, territories where the Russian language is prevalent in professional, educational, and recreational settings, but is also spoken alongside other official languages (Belarussian and Ukrainian, respectively) which may or may not be the primary spoken language of a given participant.\\u003c/p\\u003e\\u003cp\\u003eB. \\u003cem\\u003eSimulated Environment\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eThis experiment was conducted in a simulated environment as to avoid exposing our participants to any real cyber risks. Participants were presented with both legitimate and illegitimate versions of websites written in their native tongues. Our dataset was created with screenshots of legitimate sites, the same screenshots with only the URL modified to present a high-quality phishing website. The phishing URLS were characterized by homoglyphs and/or short hamming distances.\\u003c/p\\u003e\\u003cp\\u003eTo provide controls to the participants we bitmapped the login variants and back button to make these parts of the site clickable. We instructed participants to click the login feature in any of its possible forms (вход, войти, регистрация) if the site appeared to be legitimate. When participants were presented with a site they deemed to be illegitimate, we asked them to click the back button, which is universally represented. We detail the procedure in the following section.\\u003c/p\\u003e\\u003cp\\u003eC. \\u003cem\\u003eExperiment Procedure\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eIn order to take part in the study, participants needed to be at least 18 years of age and nationals of one of Belarus, Bulgaria, the Russian Federation, or Ukraine, and a native speaker of Russian or Bulgarian. Initially, participants were presented with a study information sheet (SIS) and, after agreeing to participate in the study, we requested basic demographic information including an email address so as to track their responses throughout the experiment, as well as to ensure participants could participate in the study only once.\\u003c/p\\u003e\\u003cp\\u003eUpon the collection of demographic information, participants proceeded to a BART (Balloon Analog Risk Task) experiment (Lejuez 2002). The BART was used to measure participants\\u0026rsquo; risk-taking behavior prior to recording any results from the simulated environment, instructions to which were provided upon completion of the BART test. In order to test participants\\u0026rsquo; comprehension and ensure they understood the procedures of the experimental task, we included a series of confirmation questions addressing the experiment controls, single attempt policy, and time penalty. Upon completing these comprehension questions the experimental task began and participants were presented with a series of ten websites in their native languages.\\u003c/p\\u003e\\u003cp\\u003eUpon completion of the experimental phishing task, participants proceeded to a final survey, which collected information pertaining to website familiarity, security knowledge, computer expertise, and website risk assessment behavior. These questions are available in the appendix in an English translation.\\u003c/p\\u003e\\u003cp\\u003eD. \\u003cem\\u003eRecruitment\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eThis initial experiment was designed to include a payment for participants based on the time taken to complete the experiment. The practice of the research group is to provide a living wage rate of \\u003cspan\\u003e$\\u003c/span\\u003e15 an hour. The initial IRB approval occurred in February 2022. Immediately after the approval, sanctions were placed on Russia. Due to an inability to prove that no participants were Russian nationals, the university counsel required that the IRB be resubmitted with no payments. As a result all of our participants are volunteers recruited using emails and snowball sampling.\\u003c/p\\u003e\"},{\"header\":\"IV. RESULTS\",\"content\":\"\\u003cp\\u003eOur results and analysis address the five research questions listed in Section I. The variables utilized to address our research questions are phishing, technical expertise (i.e., certificate, computer security, and general computing knowledge), website familiarity, risk assessment behaviors, and overall phishing resilience levels, respectively. We conduct statistical tests to identify differences between COZ group countries. We examine participants’ ability to recognize legitimate and illegitimate sites and analyze any significant differences between COZ group countries. In Section V we compare the COZ group results with those from a previous study conducted with participants from the Five Eyes (Camp, 2021).\\u003c/p\\u003e\\u003cp\\u003eA. \\u003cem\\u003eCyber Model Comparison\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eThe overall results of this study generally support the fundamental assumption of the cyber health model in that we identified significant similarities in the populations. Recall R1: \\u003cem\\u003eCan the cyber model used for measuring phishing resilience in the Five Eyes provide insight into resilience in the COZ?\\u003c/em\\u003e, as well R2: \\u003cem\\u003eTo what degree is phishing resilience similarity or different between the COZ countries and how do these levels compare to those of the Five Eyes?\\u003c/em\\u003e A detailed comparative analysis of the independent variables utilized in this study shows that behavioral factors remain relatively consistent across our two target socio-cultural groups.\\u003c/p\\u003e\\u003cp\\u003eB. \\u003cem\\u003eDifferences in Phishing and Security Certificate Knowledge\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eTo address our third research question, \\u003cem\\u003eDoes computer security expertise, particularly knowledge and skills related to measures designed to prevent phishing, influence phishing resiliency in COZ countries? Is this different from previous results from the Five Eye countries?\\u003c/em\\u003e, we asked participants to respond to a series of questions designed to gauge their level of computer security expertise. This series of questions was presented as part of the post-experimental survey so that the questions posed would not bias the results of the primary experiment task.\\u003c/p\\u003e\\u003cp\\u003eThe first two questions address participants’ knowledge of phishing and security certificates (questions 1 and 2 in the appendix). These measures were previously developed for measures of technical expertise specifically for use in computer security research (Alkhozae \\u003cspan citationid=\\\"CR1\\\" class=\\\"CitationRef\\\"\\u003e2011\\u003c/span\\u003e). Below each question we listed a series of multiple choice answers and asked participants to choose all possible correct responses. In order to account for partially correct responses, we calculated the final phishing and certificate knowledge score with the following formula: (#CorrectOptionsSelected + 1) /(#WrongOptionsSelected + 1). The same method was proposed in the development of a similar security expertise measure (Rajivan 2017), and was used in the Five Eyes study (Camp, 2021).\\u003c/p\\u003e\\u003cp\\u003eThe distribution shows that phishing and certificate knowledge is rather low across the COZ group. We conducted one-way ANOVA tests to see if the distributions for phishing and certificate knowledge were significantly different amongst the three divisions of the COZ group.\\u003c/p\\u003e\\u003cp\\u003eThe results show that levels of phishing (F-value: 1.38, p-value: 0.117) and certificate knowledge (F-value: 2.85, p-value: 0.071) were not significantly different amongst the COZ group.\\u003c/p\\u003e\\u003cp\\u003eAs a result of the lack of variability in the participants’ security and privacy expertise we can neither reject nor accept the hypothesis that expertise plays the same role in phishing resilience in the two compared socio-cultural groups.\\u003c/p\\u003e\\u003cp\\u003eC. \\u003cem\\u003eDifferences in Security Knowledge and Computer Expertise\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eThe following three questions address participants’ knowledge of general computer security knowledge. Participants were awarded one point for each correctly answered security knowledge question. The final results show that participants from all regions of the COZ group received low computer security knowledge scores. The results of the one-way ANOVA test show that general security knowledge is not significantly different amongst the COZ group: F-value: 1.38, p-value: 0.263.\\u003c/p\\u003e\\u003cp\\u003eThe final set of questions address participants’ level of computer expertise. While the previous questions listed a set of multiple choice answers, the final seven questions of the post-experimental survey (questions 6–11 in the Appendix) were framed as a series of computer tasks, with an option to respond either “yes” or “no”. As described in previous related work, we calculated a score for computer expertise by tallying the sum of affirmative responses per participant. The results of the one-way ANOVA test show that the differences of computer expertise are significant amongst the COZ group: F-value: 3.35, p-value: 0.045. Following the one-way ANOVA test we conducted pair-wise t-tests, which showed that differences is computer expertise are significantly different between the Russian and Bulgarian groups (t:1.800, p-value: 0.05). The Russian group shows a higher mean (µ = 1.80) comparative to the Bulgarian group (µ = 0.40). Similarly, the bilingual group, consisting of participants from Belarus and Ukraine, shows a higher mean (µ = 2.00) in comparison to the Bulgarian group (µ = 0.40).\\u003c/p\\u003e\\u003cp\\u003eD. \\u003cem\\u003eDifferences in Website Familiarity\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eParticipants were shown a series of ten websites during the principal experiment task. Within the post-experimental survey, we asked participants to report their level of familiarity with each of the websites shown. These questions are designed to gain insights into any relationships between website familiarity and phishing resilience and provide and answer to research question four: \\u003cem\\u003eDoes website familiarity in COZ countries affect one’s ability to identify illegitimate sites at the same rate as in Five Eye countries?\\u003c/em\\u003e To compare distributions of website familiarity among the COZ group, we conducted a one-way ANOVA test. The results of this test show that levels of website familiarity are not significantly different among the COZ group: (F-value: 1.35, p-value: 0.27).\\u003c/p\\u003e\\u003cp\\u003eE. \\u003cem\\u003eDifferences in Risk Assessment Behavior\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eResearch question five was, \\u003cem\\u003edoes risk assessment behavior vary across COZ countries and between COZ and the Five Eyes?\\u003c/em\\u003e To answer this question, we presented participants with a variety of computer security indicators (https, lock icon, certificates, type of website, professional appearance, and privacy policy). We asked participants to indicate which of the listed indicators they use when determining whether or not to enter their username and password on a particular website.\\u003c/p\\u003e\\u003cp\\u003eWe conducted a Kruskal-Wallis test to measure the frequency of selected risk indicators amongst the COZ group. We found that differences in the risk indicators are significantly different amongst the COZ group (p-value 0.033). The results from our analysis show that, while the presence of HTTPS is the most frequently selected indicator of security amongst all divisions of the COZ group, this indicator was selected more frequently amongst the Russian and bilingual Belarussian, Ukrainian groups (74% and 80%, respectively). The Bulgarian group, however, indicated HTTPS as a security indicator at the rate of 50%. Additionally, our results show that the professional appearance of a website is more frequently considered an indicator of security within the bilingual Belarussian, Ukrainian division, where 60% of respondents selected this indicator versus 17% and 21% of respondents from the Bulgarian and Russian divisions, respectively.\\u003c/p\\u003e\\u003cp\\u003eF. \\u003cem\\u003eDifferences in Phishing Resilience\\u003c/em\\u003e\\u003c/p\\u003e\\u003cp\\u003eWe define phishing resilience as the ability to accurately identify legitimate, safe websites, as well as unsafe, phishing websites. The principal task of this experiment consisted of presenting participants with five legitimate and five illegitimate (phishing) sites in a simulated environment. We asked participants to view each simulated site and click the login variant for those sites which seemed legitimate. For those sites which seemed illegitimate, we asked the participants to click the back button. We recorded these actions pertaining to all ten websites for each participant in the experiment in order to gauge the participants’ ability to accurately discern between phishing and legitimate websites. We calculated a resiliency score by computing the fraction of login actions over the total number of legitimate sites presented and the fraction of back actions over the total number of phished sites presented. Higher scores indicate a greater resiliency to phishing.\\u003c/p\\u003e\\u003cp\\u003eIn order to identify any differences in phishing resiliency across the COZ group, we conducted a one-way ANOVA test followed by pairwise t-tests. Our results show that phishing resiliency levels are not significantly different amongst the COZ group (F-value: 0.85, p-value: 0.43). The results from the pairwise t-tests are as follows: Russian division (µ = 6.7), Bulgarian division (µ = 6.2), and the bilingual Belarussian, Ukrainian division (µ = 6.4).\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\\u003cp\\u003e\\u003c/p\\u003e\"},{\"header\":\"V. DISCUSSION AND IMPLICATIONS\",\"content\":\"\\u003cp\\u003eOur primary goal in this study is to shed light upon the degree to which assumptions of cybersecurity decision-making are consistent across two culturally and linguistically different groups. We have replicated a study conducted in the Five Eyes, the intelligence sharing alliance of anglophone nations (Australia, Canada, New Zealand, United Kingdom, and the United States), with another historically, culturally, and linguistically close group of nations, which we refer to as part of the Cyrillic Orthographic Zone (Belarus, Bulgaria, Russia, and Ukraine).\\u003c/p\\u003e\\n\\u003cp\\u003eRecall the first research question was if the model used for measuring phishing resilience in the Five Eyes provides insight into resilience in the COZ?\\u003c/p\\u003e\\n\\u003cp\\u003eOur overall results suggest that models of economic and health behaviors can generally be applied to computer security though applying a cyber resilience model based in health designed specifically for the Five Eyes to the Cyrillic Orthographic Zone. Despite the many cultural and linguistic differences between our two human study groups, there are few occurrences where our data suggest the security decision making varies greatly between two groups of people pertaining to separate spheres of social and cultural influence when examining which factors impinge these decisions. Recall that the cyber health model focused on expertise and familiarity. While the overall resilience is quite different, we do not reject the cyber health model described by Camp et al. In measuring human resilience in the face of the global epidemiology of cyber attacks (Camp 2014). The following table compares the results of our statistical tests, analyzing the factors we used to measure phishing resilience among both groups:\\u003c/p\\u003e\\n\\u003cdiv\\u003e\\n \\u003ctable id=\\\"Taba\\\" border=\\\"1\\\"\\u003e\\n \\u003cthead\\u003e\\n \\u003ctr\\u003e\\n \\u003cth align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/th\\u003e\\n \\u003cth align=\\\"left\\\" colspan=\\\"2\\\"\\u003e\\n \\u003cp\\u003eFive Eyes\\u003c/p\\u003e\\n \\u003c/th\\u003e\\n \\u003c/tr\\u003e\\n \\u003c/thead\\u003e\\n \\u003ctbody\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eF-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ep-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ePhishing Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.86\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.12\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eCertificate Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.76\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.55\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eGeneral Security Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.34\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.26\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eComputer Expertise\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e2.90\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e\\u003cspan type=\\\"BoldUnderline\\\" name=\\\"Emphasis\\\"\\u003e0.02\\u003c/span\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eWebsite Familiarity\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.57\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.68\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\" colspan=\\\"2\\\"\\u003e\\n \\u003cp\\u003e\\u003cstrong\\u003eCOZ\\u003c/strong\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eF-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ep-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ePhishing Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.38\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.12\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eCertificate Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e2.85\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.07\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eGeneral Security Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.38\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.26\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eComputer Expertise\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e3.35\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e\\u003cspan type=\\\"BoldUnderline\\\" name=\\\"Emphasis\\\"\\u003e0.04\\u003c/span\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eWebsite Familiarity\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.68\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.20\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003c/tbody\\u003e\\n \\u003c/table\\u003e\\n\\u003c/div\\u003e\\n\\u003cp\\u003eThe only difference in significant factors is certificate knowledge; there was not adequate variance in certificate knowledge in the COZ populations for this to be a straight-forward comparison. For all other factors, significance and insignificance were consistent. We expect to see correspondence within the responses from singular participants, i.e. a particular participant may be less accurate than another. We also expect to see correspondence within the responses of participants from the same region, i.e. a certain degree of consistency among all Bulgarian participants.\\u003c/p\\u003e\\n\\u003cp\\u003eThe second research question of this study addresses the level of phishing resiliency of the COZ group as a whole. To what degree is phishing resilience similar or different between the COZ countries and how do these levels compare to those of the Five Eyes? We can compare these findings with those of the Five Eyes group.\\u003c/p\\u003e\\n\\u003cp\\u003eOverall, the high-level factors had the same significance or lack of significance. Phishing and certificate knowledge was not, in the aggregate, significant in either case nor was general security knowledge.\\u003c/p\\u003e\\n\\u003cp\\u003eIn order to illustrate certain correlations amongst all COZ group participants, we organized a table of ANOVA test results to compare the final phishing resilience scores with the following variables: age, education level, phishing \\u0026amp; certificate knowledge, general security knowledge, site familiarity, and the six security indicators listed in Section E of Part IV.\\u003c/p\\u003e\\n\\u003cp\\u003eThe original study conducted within the Five Eyes countries shows that age, phishing knowledge, general security knowledge, site familiarity, and the lock icon impact participants\\u0026rsquo; ability to correctly identify legitimate websites. Additionally, age and computer expertise also impact the ability to correctly identify phishing websites among the Five Eyes group. The results from the COZ group show that, as within the Five Eyes group, both general security knowledge and attention to the lock icon significantly impacted participants\\u0026rsquo; ability to accurately identify legitimate websites. However, our results also show that none of the factors had a significant impact on participants\\u0026rsquo; ability to identify phishing sites. The following table outlines the factors impacting phishing resiliency within the COZ group:\\u003c/p\\u003e\\n\\u003cdiv\\u003e\\n \\u003ctable id=\\\"Tabb\\\" border=\\\"1\\\"\\u003e\\n \\u003cthead\\u003e\\n \\u003ctr\\u003e\\n \\u003cth align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/th\\u003e\\n \\u003cth align=\\\"left\\\" colspan=\\\"2\\\"\\u003e\\n \\u003cp\\u003eFive Eyes\\u003c/p\\u003e\\n \\u003c/th\\u003e\\n \\u003cth align=\\\"left\\\" colspan=\\\"2\\\"\\u003e\\n \\u003cp\\u003eCOZ\\u003c/p\\u003e\\n \\u003c/th\\u003e\\n \\u003c/tr\\u003e\\n \\u003c/thead\\u003e\\n \\u003ctbody\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\u0026nbsp;\\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eF-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ep-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eF-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ep-value\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ePhishing Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.86\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.12\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.38\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.12\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eCertificate Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.76\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.55\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e2.85\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.07\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eGeneral Security Knowledge\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.34\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.26\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.38\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.26\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eComputer Expertise\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e2.90\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e\\u003cspan type=\\\"BoldUnderline\\\" name=\\\"Emphasis\\\"\\u003e0.02\\u003c/span\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e3.35\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e\\u003cspan type=\\\"BoldUnderline\\\" name=\\\"Emphasis\\\"\\u003e0.04\\u003c/span\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003eWebsite Familiarity\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.57\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.68\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e1.68\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.20\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003ctr\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003ePhishing Resilience\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e2.90\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e\\u003cspan type=\\\"BoldUnderline\\\" name=\\\"Emphasis\\\"\\u003e0.03\\u003c/span\\u003e\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.85\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003ctd align=\\\"left\\\"\\u003e\\n \\u003cp\\u003e0.43\\u003c/p\\u003e\\n \\u003c/td\\u003e\\n \\u003c/tr\\u003e\\n \\u003c/tbody\\u003e\\n \\u003c/table\\u003e\\n\\u003c/div\\u003e\\n\\u003cp\\u003eAfter this further analysis of the cross-regional study results, we can address the specific research questions.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ1: Results from this comparative study show that there is a degree of correlation between underlying factors of phishing resilience between the two target socio-cultural groups. Not all underlying factors of phishing resilience play the same role in the COZ as they do in the Five Eyes. However, there are significant general tendencies amongst the two groups that support the assumptions of a common cyber health model.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ2: We saw that phishing resiliency levels are significantly different within the AFE group between the United Kingdom and Australia. Participants from those nations also had significant differences in expertise. Resiliency levels among the remaining countries in the Five Eyes group were not significantly different. Similarly, we did not find any significant difference between phishing resiliency levels amongst the COZ group, nor were there large differences in expertise.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ3: Computer security expertise is uncommon amongst the general population in both the AFE and COZ groups. However, individuals with higher levels of expertise in general computer security from both the Five Eyes and COZ groups were more accurately able to identify legitimate websites.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ4: We saw that participants\\u0026rsquo; familiarity with the sites presented in the simulated environment increased the chances of identifying legitimate sites in the Five Eyes group. However, site familiarity did not have a significant impact on the ability of participants from the COZ group to identify a legitimate site.\\u003c/p\\u003e\\n\\u003cp\\u003eRQ5: Regardless of socio-cultural background, participants show broadly similar risk assessment behaviors. Participants from both the Five Eyes and COZ groups specified that HTTPS and the presence of a lock icon are the most frequently identified indicators of site security. Furthermore, participants from both cultural groups who pay close attention to the lock icon show significantly higher accuracy in identifying legitimate websites.\\u003c/p\\u003e\\n\\u003cp\\u003ePhishing is a common form of cybercrime that occurs throughout the world. By repeating a risk perception and phishing resiliency test with a different cultural group, the present study offers insights into how internet users from different socio-cultural backgrounds interpret, interact with, and respond to a common threat. While the results were not identical among the two target populations, we find that the outcomes of these experiments could offer constructive contributions to practices incorporating health modeling to cybersecurity.\\u003c/p\\u003e\\n\\u003cp\\u003eOur results can inform research in security decision making, collective defense, and design of collective or individual phishing interventions.\\u003c/p\\u003e\\n\\u003cp\\u003eLIMITATIONS \\u0026amp; FUTURE WORK\\u003c/p\\u003e\\n\\u003cp\\u003eAs a result of the timing of this work, the researchers were unable to recruit and pay participants in the nations where we sought participants. This was noted in the preceding recruitment section. The impact of the conflict on risk perceptions also cannot be measured until the end of hostilities. Specifically, the study kept the use of Russian for Ukrainian participants. We cannot reject the possibility that attitudes towards Russian language websites influenced the results.\\u003c/p\\u003e\\n\\u003cp\\u003eA larger scale work after the resumption of normal peacetime trade may result in either more significant findings or fail to reify these results. The experimental harness and study dataset is available for reuse on GitHub: \\u003cspan\\u003e\\u003cspan\\u003ehttps://github.com/vaibhav201297/PhishUpwork\\u003c/span\\u003e\\u003c/span\\u003e\\u003c/p\\u003e\\n\\u003cp\\u003eOur research provides a test of the global applicability of both the cyber health model and the generalizability of the experimental platform developed by Kelley et al. For future work we seek collaborators to implement comparative studies in Sino-Tibetan, Turkic, Semitic, and other Indo-European linguistic groups.\\u003c/p\\u003e\"},{\"header\":\"VII. CONCLUSION\",\"content\":\"\\u003cp\\u003eWe conducted a comparative study with participants from Slavic countries within the Cyrillic Orthographic Zone. The study was designed to complement previous work in the field of cyber risk perception conducted in the intelligence-sharing alliance of Anglosphere nations known as the Five Eyes. We explored the degree to which the results from the COZ are correspond to those obtained in the original study among Five Eye countries. The ultimate goal of this comparison is to provide evidence for or against the application of a model of cybersecurity decision making based on public health. Human biology remains the same when combatting threats such as physical disease, is there consistency in the socio-cultural factors that impinge cyber resilience?\\u003c/p\\u003e\\u003cp\\u003eKey findings from this comparative study are that risk assessment behaviors do not vary greatly amongst cultural groups. In particular, HTTPS and the presence of a lock icon represent the most significant factors in risk assessment, independent of one's nationality. One of the most intriguing findings is that while greater website familiarity has been found to correlate to an increased ability to identify a legitimate website amongst the Five Eyes group, the same tendency does not occur amongst the COZ participants. Some factors cannot be compared, possibly because of the differences in historical adoption. One important factor to note for global resilience is that computer security expertise is not common amongst the general population regardless of socio-cultural background.\\u003c/p\\u003e\\u003cp\\u003eWhile we can reject the hypotheses that all underlying factors in phishing resilience in the Five Eyes have the same effect in the COZ, we cannot reject the overall hypothesis that a cyber health model could be applicable using a subset of indicators of resilience. Similarly, general trends in cyber risk assessment behaviors suggest more commonalities than differences amongst varying socio-cultural groups.\\u003c/p\\u003e\"},{\"header\":\"Declarations\",\"content\":\"\\u003cp\\u003eAUTHOR CONTRIBUTIONS\\u003c/p\\u003e\\n\\u003cp\\u003eThe following authors contributed equally to this work: Author 1, Author 2, Author 3, and Author 4. The following author jointly supervised this work: Author 5.\\u0026nbsp;\\u003c/p\\u003e\\n\\u003cp\\u003eAuthor contributions include:\\u003c/p\\u003e\\n\\u003cp\\u003eAuthor 1: conceptualization, data analysis, editing/review, methodology original draft. Author 3: conceptualization, data analysis, editing/review, original draft, participant recruitment, translations. Author 2: coding. Author 4: coding. Author 5: conceptualization, participant recruitment.\\u003c/p\\u003e\\n\\u003cp\\u003eETHICS DECLARATIONS\\u003c/p\\u003e\\n\\u003cp\\u003eThe authors of this work declare no conflicts of interest. Approval for all procedures conducted in this study was obtained by the Human Research Protection Program Indiana University Institutional Review Board (IRB#1707304414) on 29/11/2020. We confirm that all research was performed in accordance with relevant guidelines and regulations applicable when human subjects are involved specifically as defined by the Belmont Report in accordance with additional guidance U.S. Department of Health and Human services, Office for Human Research Protections (OHRP), and the US National Science Foundation. The datasets used to produce the results of this study are anonymized. Informed consent was obtained by all participants, who verified their age and agreement to participate in the study at the beginning of the initial demographic survey. Informed consent was obtained by participants between 1/4/2023 and 1/7/2023.\\u003c/p\\u003e\"},{\"header\":\"References\",\"content\":\"\\u003col\\u003e\\n\\u003cli\\u003eAlkhozae, Mona Ghotaish, and Omar Abdullah Batarfi. \\u0026quot;Phishing websites detection based on phishing characteristics in the webpage source code.\\u0026quot; \\u003cem\\u003eInternational Journal of Information and Communication Technology Research\\u003c/em\\u003e 1.6 (2011).\\u003c/li\\u003e\\n\\u003cli\\u003eCamp, J., S. Das, J. Dev, M. Grobler, and D. Kim, \\u0026ldquo;Cross-national study on phishing resilience,\\u0026rdquo; In Proceedings of the Workshop on Usable Security and Privacy (USEC), 2021.\\u003c/li\\u003e\\n\\u003cli\\u003eCamp, L. Jean, et al. \\u0026quot;Measuring human resilience in the face of the global epidemiology of cyber attacks.\\u0026quot; \\u003cem\\u003eProceedings of the 52nd Hawaii International Conference on System Sciences\\u003c/em\\u003e. 2019.\\u003c/li\\u003e\\n\\u003cli\\u003eCamp, L. Jean, et al. \\u0026quot;Measuring human resilience in the face of the global epidemiology of cyber attacks.\\u0026quot; (2019).\\u003c/li\\u003e\\n\\u003cli\\u003eChaudhry, Junaid Ahsenali, Shafique Ahmad Chaudhry, and Robert G. Rittenhouse. \\u0026quot;Phishing attacks and defenses.\\u0026quot; \\u003cem\\u003eInternational Journal of Security and Its Applications\\u003c/em\\u003e 10.1 (2016): 247-256.\\u003c/li\\u003e\\n\\u003cli\\u003eC. W. Choo, \\u0026ldquo;Information culture and organizational effectiveness,\\u0026rdquo; International Journal of Information Management, vol. 33, no. 5, pp. 775\\u0026ndash;779, 2013.\\u003c/li\\u003e\\n\\u003cli\\u003eL. Cranor, J. Downs, and M. Holbrook, \\u0026ldquo;Decision Strategies and Susceptibility to Phishing\\u0026rdquo;, Proceedings of the second symposium on Usable privacy and security, 2006.\\u003c/li\\u003e\\n\\u003cli\\u003eDas, Sanchari, et al. \\u0026quot;All about phishing: Exploring user research through a systematic literature review.\\u0026quot; \\u003cem\\u003earXiv preprint arXiv:1908.05897\\u003c/em\\u003e (2019).\\u003c/li\\u003e\\n\\u003cli\\u003eDesolda, Giuseppe, et al. \\u0026quot;Human factors in phishing attacks: a systematic literature review.\\u0026quot; ACM Computing Surveys (CSUR)54.8 (2021): 1-35.\\u003c/li\\u003e\\n\\u003cli\\u003eDykstra, Josiah, et al. \\u0026quot;Position Paper: Evaluating Analogies and Applying Public Health Models for Cybersecurity.\\u0026quot; \\u003cem\\u003eProceedings of the 2024 Workshop on Cybersecurity in Healthcare\\u003c/em\\u003e. 2023.\\u003c/li\\u003e\\n\\u003cli\\u003eEgelman, Serge, Lorrie Faith Cranor, and Jason Hong. \\u0026quot;You\\u0026apos;ve been warned: an empirical study of the effectiveness of web browser phishing warnings.\\u0026quot; \\u003cem\\u003eProceedings of the SIGCHI Conference on Human Factors in Computing Systems\\u003c/em\\u003e. 2008.\\u003c/li\\u003e\\n\\u003cli\\u003eErmakova, L. \\u0026ldquo;Spam and phishing detection in various languages,\\u0026rdquo; International Journal \\u0026ldquo;Information Technologies and Knowledge\\u0026rdquo;, Vol. 4, Number 3, 2010.\\u003c/li\\u003e\\n\\u003cli\\u003eFlores, Waldo Rocha, et al. \\u0026quot;Investigating personal determinants of phishing and the effect of national culture.\\u0026quot; \\u003cem\\u003eInformation \\u0026amp; Computer Security\\u003c/em\\u003e (2015).\\u003c/li\\u003e\\n\\u003cli\\u003eGarg, Vaibhav, Thomas Koster, and Linda Jean Camp. \\u0026quot;Cross-country analysis of spambots.\\u0026quot; EURASIP Journal on Information Security 2013 (2013): 1-13.\\u003c/li\\u003e\\n\\u003cli\\u003eT. Kelley and B. I. Bertenthal, \\u0026ldquo;Attention and past behavior, not security knowledge, modulate users\\u0026rsquo; decisions to login to insecure websites,\\u0026rdquo; \\u003cem\\u003eInformation \\u0026amp; Computer Security\\u003c/em\\u003e, 2016.\\u003c/li\\u003e\\n\\u003cli\\u003eKrebs, B., 2014. Spam nation: The inside story of organized cybercrime-from global epidemic to your front door. Sourcebooks, Inc.\\u003c/li\\u003e\\n\\u003cli\\u003eC. W. Lejuez, J. P. Read, C. W. Kahler, J. B. Richards, S. E. Ramsey, G. L. Stuart, D. R. Strong, and R. A. Brown, \\u0026ldquo;Evaluation of a behavioral measure of risk taking: the balloon analogue risk task (bart).\\u0026rdquo; \\u003cem\\u003eJournal of Experimental Psychology: Applied\\u003c/em\\u003e, vol. 8, no. 2, p. 75, 2002.\\u003c/li\\u003e\\n\\u003cli\\u003eS. Purkait, \\u0026ldquo;Phishing counter measures and their effectiveness \\u0026ndash; literature review\\u0026rdquo;, Information Management \\u0026amp; Computer Security, Volume 20 Issue 5, 2012.\\u003c/li\\u003e\\n\\u003cli\\u003eRajivan, Prashanth, et al. \\u0026ldquo;Factors in an end user security expertise instrument\\u0026rdquo;, \\u003cem\\u003eInformation \\u0026amp; Computer Security\\u003c/em\\u003e, 2017. \\u003c/li\\u003e\\n\\u003cli\\u003eRajivan, Prashanth, et al. \\u0026quot;What Can Johnny Do?\\u0026ndash;Factors in an End-User Expertise Instrument.\\u0026quot; \\u003cem\\u003eHAISA\\u003c/em\\u003e. 2016.\\u003c/li\\u003e\\n\\u003cli\\u003eSample, C. \\u0026ldquo;Culture and cyber behaviors: DNS defending,\\u0026rdquo; Journal of Information Warfare Vol. 14, No. 4, 2015.\\u003c/li\\u003e\\n\\u003cli\\u003eSheng, Steve, et al. \\u0026quot;Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions.\\u0026quot; \\u003cem\\u003eProceedings of the SIGCHI conference on human factors in computing systems\\u003c/em\\u003e. 2010.\\u003c/li\\u003e\\n\\u003cli\\u003eShostack, Adam, and Josiah Dykstra. \\u0026quot;Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19.\\u0026quot; \\u003cem\\u003earXiv preprint arXiv:2408.08417\\u003c/em\\u003e (2024).\\u003c/li\\u003e\\n\\u003cli\\u003eWolk, R. The effects of English language dominance of the internet and the digital divide. 2004 International Symposium on Technology and Society (IEEE Cat. No. 04CH37548). IEEE, 2004.\\u003c/li\\u003e\\n\\u003cli\\u003eZhuo, Sijie, et al. \\u0026quot;SoK: Human-Centered Phishing Susceptibility.\\u0026quot; \\u003cem\\u003earXiv preprint arXiv:2202.07905\\u003c/em\\u003e (2022).\\u003c/li\\u003e\\n\\u003cli\\u003eDeryugin, Roman Aleksandrovich. \\u0026ldquo;Kiberprestupnost\\u0026rsquo; v Rossii: sovremennoe sostoyanie i aktual\\u0026rsquo;nye problemy.\\u0026rdquo; Vestnik ural\\u0026rsquo;skogo yuridicheskogo instituta MVD Rossii 2 (2019): 46-49.\\u003c/li\\u003e\\n\\u003cli\\u003eKuznetsov, Maksim Valer\\u0026rsquo;evich. Sotsial\\u0026rsquo;naya injeneriya i sotsial\\u0026rsquo;nye hakery. BHV-Petersburg, 2007. \\u003c/li\\u003e\\n\\u003cli\\u003eStarostenko, Oleg Aleksandrovich. \\u0026quot;Priroda i sposoby soversheniya moshennichestva s ispol\\u0026rsquo;zovaniem informatsionno-telekommunikatsionnyh tehnologij.\\u0026rdquo; Vestnik Udmurtskogo universiteta Seriya \\u0026ldquo;Ekonomika i pravo\\u0026rdquo; 30.4 (2020): 576-582.\\u003c/li\\u003e\\n\\u003cli\\u003eYangaeva, Mariya Olegnova. \\u0026quot;Sotsial\\u0026rsquo;naya injeneriya kak sposob soversheniya kiberprestuplenij.\\u0026quot; \\u003cem\\u003eVestnik Siberskogo yuridicheskogo instituta MVD Rossii \\u003c/em\\u003e1 (42) (2021): 133-138.\\u003c/li\\u003e\\n\\u003c/ol\\u003e\"}],\"fulltextSource\":\"\",\"fullText\":\"\",\"funders\":[],\"hasAdminPriorityOnWorkflow\":false,\"hasManuscriptDocX\":true,\"hasOptedInToPreprint\":true,\"hasPassedJournalQc\":\"\",\"hasAnyPriority\":false,\"hideJournal\":false,\"highlight\":\"\",\"institution\":\"\",\"isAcceptedByJournal\":false,\"isAuthorSuppliedPdf\":false,\"isDeskRejected\":\"\",\"isHiddenFromSearch\":false,\"isInQc\":false,\"isInWorkflow\":false,\"isPdf\":false,\"isPdfUpToDate\":true,\"isWithdrawnOrRetracted\":false,\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"humanities-and-social-sciences-communications\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":false,\"externalIdentity\":\"palcomms\",\"sideBox\":\"Learn more about [Humanities \\u0026 Social Sciences Communications](http://www.nature.com/palcomms/)\",\"snPcode\":\"41599\",\"submissionUrl\":\"https://submission.springernature.com/new-submission/41599/3\",\"title\":\"Humanities and Social Sciences Communications\",\"twitterHandle\":\"\",\"acdcEnabled\":true,\"dfaEnabled\":true,\"editorialSystem\":\"stoa\",\"reportingPortfolio\":\"Nature AJ\",\"inReviewEnabled\":true,\"inReviewRevisionsEnabled\":false},\"keywords\":\"Phishing, Resilience, Cybersecurity, Cross-National, Familiarity, Risk-Assessment, Socio-Technical, Cyrillic Orthographic Zone\",\"lastPublishedDoi\":\"10.21203/rs.3.rs-6706255/v1\",\"lastPublishedDoiUrl\":\"https://doi.org/10.21203/rs.3.rs-6706255/v1\",\"license\":{\"name\":\"CC BY 4.0\",\"url\":\"https://creativecommons.org/licenses/by/4.0/\"},\"manuscriptAbstract\":\"\\u003cp\\u003eModels of economic and health behaviors have been applied to computer security decision-making. One argument against health models is that cybersecurity behavioral factors may vary widely across cultures, while human biology remains the same. In this work we explore the degree to which assumptions of cybersecurity decision-making is consistent across two cultural and linguistic spheres of influence. Specifically, we replicate a study of phishing resilience that was implemented across five English-speaking nations in four nations within the Cyrillic orthographic zone. We compare the overall resilience and factors weights between the two population groups. Our findings illustrate that there were few indicators of significant difference between the two human subjects studies. While the comparisons of the results opens questions that can only be answered with the large scale longitudinal studies, overall the implications support arguments for the application of health models to cybersecurity.\\u003c/p\\u003e\",\"manuscriptTitle\":\"Phishing resiliency across socio-cultural Spheres: Cyrillic Orthographic Zone versus The Five Eyes\",\"msid\":\"\",\"msnumber\":\"\",\"nonDraftVersions\":[{\"code\":1,\"date\":\"2025-09-22 06:55:05\",\"doi\":\"10.21203/rs.3.rs-6706255/v1\",\"editorialEvents\":[{\"type\":\"communityComments\",\"content\":0},{\"type\":\"reviewerAgreed\",\"content\":\"268733012276832429100190638230381894663\",\"date\":\"2026-01-30T14:34:13+00:00\",\"index\":\"hide\",\"fulltext\":\"\"},{\"type\":\"editorInvitedReview\",\"content\":\"\",\"date\":\"2026-01-28T17:29:06+00:00\",\"index\":\"hide\",\"fulltext\":\"\"},{\"type\":\"reviewerAgreed\",\"content\":\"241789148553220926086362750089299262015\",\"date\":\"2025-12-22T09:06:12+00:00\",\"index\":\"hide\",\"fulltext\":\"\"},{\"type\":\"reviewerAgreed\",\"content\":\"192398154586820906993580990900230451190\",\"date\":\"2025-12-16T18:57:48+00:00\",\"index\":\"hide\",\"fulltext\":\"\"},{\"type\":\"reviewersInvited\",\"content\":\"\",\"date\":\"2025-09-11T10:47:14+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"editorInvited\",\"content\":\"\",\"date\":\"2025-09-05T07:36:41+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"editorAssigned\",\"content\":\"\",\"date\":\"2025-06-08T10:36:05+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"checksComplete\",\"content\":\"\",\"date\":\"2025-06-03T14:06:21+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"submitted\",\"content\":\"Humanities and Social Sciences Communications\",\"date\":\"2025-05-20T09:29:12+00:00\",\"index\":\"\",\"fulltext\":\"\"}],\"status\":\"published\",\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"humanities-and-social-sciences-communications\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":false,\"externalIdentity\":\"palcomms\",\"sideBox\":\"Learn more about [Humanities \\u0026 Social Sciences Communications](http://www.nature.com/palcomms/)\",\"snPcode\":\"41599\",\"submissionUrl\":\"https://submission.springernature.com/new-submission/41599/3\",\"title\":\"Humanities and Social Sciences Communications\",\"twitterHandle\":\"\",\"acdcEnabled\":true,\"dfaEnabled\":true,\"editorialSystem\":\"stoa\",\"reportingPortfolio\":\"Nature AJ\",\"inReviewEnabled\":true,\"inReviewRevisionsEnabled\":false}}],\"origin\":\"\",\"ownerIdentity\":\"34d4740d-3f47-42b4-b0a2-eaf373b7e4e9\",\"owner\":[],\"postedDate\":\"September 22nd, 2025\",\"published\":true,\"recentEditorialEvents\":[],\"rejectedJournal\":[],\"revision\":\"\",\"amendment\":\"\",\"status\":\"under-review\",\"subjectAreas\":[{\"id\":54666457,\"name\":\"Business and commerce/Information systems and information technology\"},{\"id\":54666458,\"name\":\"Social science/Science technology and society\"}],\"tags\":[],\"updatedAt\":\"2025-09-22T06:55:05+00:00\",\"versionOfRecord\":[],\"versionCreatedAt\":\"2025-09-22 06:55:05\",\"video\":\"\",\"vorDoi\":\"\",\"vorDoiUrl\":\"\",\"workflowStages\":[]},\"version\":\"v1\",\"identity\":\"rs-6706255\",\"journalConfig\":\"researchsquare\"},\"__N_SSP\":true},\"page\":\"/article/[identity]/[[...version]]\",\"query\":{\"redirect\":\"/article/rs-6706255\",\"identity\":\"rs-6706255\",\"version\":[\"v1\"]},\"buildId\":\"XKTyCvWXoU3ODBz1xrDgd\",\"isFallback\":false,\"isExperimentalCompile\":false,\"dynamicIds\":[84888],\"gssp\":true,\"scriptLoader\":[]}","source_license":"CC-BY-4.0","license_restricted":false}