Individual processing of phishing emails: How attention and elaboration protect against phishing

  title={Individual processing of phishing emails: How attention and elaboration protect against phishing},
  author={Brynne Harrison and Elena Svetieva and Arun Vishwanath},
  journal={Online Inf. Rev.},
Purpose – The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach – A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The… 

Figures and Tables from this paper

Determining psycholinguistic features of deception in phishing messages

It is found that most participants, who played the role of a phisher in the study, chose to deceive their end-user targets by pretending to be a familiar individual and presenting time pressure or deadlines, which shows that use of words conveying certainty and work-related features in the phishing messages predicted higher end- user vulnerability.

Developing a measure of information seeking about phishing

Higher perceived threat severity, self-efficacy and response efficacy were associated with greater intentions, while greater perceived vulnerability was associated with lower intentions and no relationship was found with phishing discrimination ability.

So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility

Overall, the present studies suggest that high email load and low phishing prevalence can influence email classifications, and organizations and researchers should consider the influences of both email Load and Phishing prevalence when implementing phishing interventions.

How persuasive is phishing email? The role of authentic design, influence and current events in email judgements

Examination of participant judgements of 20 pre-designed emails varied according to whether they used loss or reward-based influence techniques, whether they contained particular authentic design cues, and whether they referenced a salient current event.

Exploring susceptibility to phishing in the workplace. International Human-Computer

Phishing emails provide a means to in fi ltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and

Response to a phishing attack: persuasion and protection motivation in an organizational context

Purpose This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational

An Investigation into Students Responses to Various Phishing Emails and Other Phishing-Related Behaviours

This descriptive study investigated 126 university students’ responses to various forms of phishing emails and other security-related behaviours through a self-designed questionnaire offering insights on behavioural aspects that can assist the information security community in designing and implementing more efficient controls against phishing attacks.

Mindless Response or Mindful Interpretation: Examining the Effect of Message Influence on Phishing Susceptibility

Empirical evidence shows that both message influence and cognitive processing can lead to people being phished, and a combination of different influences can also trigger cognitive processing.

Examining the Impact of Presence on Individual Phishing Victimization

This study explores how perceptions of presence in a phishing attack influence its victimization rate and finds that those in the information-rich condition were more likely to heuristically process presence cues, leading to their victimization.

The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived

The paper concludes by suggesting that the behavioral aspect of susceptible users be integrated into the current tools and materials used in antiphishing efforts.

Phishing IQ Tests Measure Fear, Not Ability

It is argued that phishing IQ tests fail to measure susceptibility to phishing attacks, and the only measurable effect of the phishing education was an increased concern--not an increased ability.

Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

The results suggest that women are more susceptible than men to phishing and participants between the ages of 18 and 25 are more susceptibility to phishers than other age groups.

What Instills Trust? A Qualitative Study of Phishing

A user study gauges reactions to a variety of common "trust indicators" - such as logos, third party endorsements, and padlock icons - over a selection of authentic and phishing stimuli to analysis of what makes phishing emails and web pages appear authentic.

Decision strategies and susceptibility to phishing

Preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails suggests that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks.

The Human Factor in

The importance of understanding psychological aspects of phishing is discussed, some commonly used security practices are critique and alternatives are suggested, including educational approaches, based both on psychological and technical insights.

Why phishing works

This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users by analyzing a large set of captured phishing attacks and developing a set of hypotheses about why these strategies might work.

A test of interventions for security threats from social engineering

  • M. Workman
  • Psychology
    Inf. Manag. Comput. Secur.
  • 2008
It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.