Social-psychological research on phishing has implicated ineffective cognitive processing as the key reason for individual victimization. Interventions have consequently focused on training individuals to better detect deceptive emails. Evidence, however, points to individuals sinking into patterns of email usage that within a short period of time result in an attenuation of the training effects. Thus, individual email habits appear to be another predictor of their phishing susceptibility. To comprehensively account for all these influences, we built a model that accounts for the cognitive, preconscious, and automatic processes that potentially lead to phishing-based deception. The resultant suspicion, cognition, and automaticity model (SCAM) was tested using two experimental studies in which participants were subjected to different types of email-based phishing attacks.
Research on phishing has implicated users' heuristic processing as the reason why they fail to recognize deception cues and fall prey to phishing attacks. Other research on online behavior has found that the attributes of the medium activate heuristics that contribute to feelings of presence and enhance the persuasiveness of presented information. The deception literature has, however, yet to examine how such medium attributes lead to victimization in a phishing attack. The present research thus fills an important gap in the literature. The study explores how perceptions of presence in a phishing attack influence its victimization rate. This is examined using an experiment in which participants are subjected to a phishing attack where the amount of social presence in the email is manipulated. In contrast to subjects in the lean information conditions, those in the information-rich condition were more likely to heuristically process presence cues, leading to their victimization.
Purpose – The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach – A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings – Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications – The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications – The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly, the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value – This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well as the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.