Examining the Impact of Presence on Individual Phishing Victimization

Harrison, Brynne; Vishwanath, Arun; Ng, Yu Jie; Rao, Raghav

doi:10.1109/hicss.2015.419

Cited by 30 publications

(40 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They found that attention to visceral triggers and phishing detection indicators and to users' phishing knowledge played a critical role in phishing detection. Harrison, Vishwanath, Ng, and Rao (2015) found that information that alludes to social presence fosters heuristic decision making and increases susceptibility to phishing. The authors manipulated social presence with cues such as the university logo, versing security logo, and click-to-chat icons.…”

Section: Physical Attributes Of Messages In Susceptibility To Phishingmentioning

confidence: 99%

Got Phished? Internet Security and Human Vulnerability

Goel¹,

Williams²,

Dincelli³

2017

JAIS

133

117

View full text Add to dashboard Cite

A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker. Past research has focused on human susceptibility to generic phishing emails or individually targeted spear-phishing emails. This study addresses how contextualization of phishing emails for targeted groups impacts their susceptibility to phishing. We manipulated the framing and content of email messages and tested the effects on users' susceptibility to phishing. We constructed phishing emails to elicit either the fear of losing something valuable (e.g., course registrations, tuition assistance) or the anticipation of gaining something desirable (e.g., iPad, gift card, social networks). We designed the emails' context to manipulate human psychological weaknesses such as greed, social needs, and so on. We sent fictitious (benign) emails to 7,225 undergraduate students and recorded their responses. Results revealed that contextualizing messages to appeal to recipients' psychological weaknesses increased their susceptibility to phishing. The fear of losing or anticipation of gaining something valuable increased susceptibility to deception and vulnerability to phishing. The results of our study provide important contributions to information security research, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception. We demonstrate through our experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts.

show abstract

Section: Physical Attributes Of Messages In Susceptibility To Phishingmentioning

confidence: 99%

Got Phished? Internet Security and Human Vulnerability

Goel¹,

Williams²,

Dincelli³

2017

JAIS

133

117

View full text Add to dashboard Cite

show abstract

“…Harrison et al [87] studied how perceptions of social presence in a phishing attack influence the victimization rate. In their experiment, their participants were subject to a simulated phishing attack in which the amount of social presence in the email used was varied.…”

Section: Surveymentioning

confidence: 99%

Don’t click: towards an effective anti-phishing training. A comparative literature review

Jampen

Gür

Sutter

et al. 2020

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

The security threat posed by email-based phishing campaigns targeted at employees is a well-known problem experienced by many organizations. Attacks are reported each year, and a reduction in the number of such attacks is unlikely to occur in the near future (see Fig. 1). A common type of phishing attack involves an attacker attempting to trick victims into clicking on links sent via email. Such links redirect victims to websites that are carefully designed to mimic those of legitimate organizations with the goal of convincing users to provide their personal information and credentials. Attackers then use the phished data to execute their schemes further. Phishing attacks may be used to obtain access to an organization's internal servers and steal company secrets or to steal victims' personal information, such as credit card details [1]. In this publication, we focus on email-based phishing attacks, as this is currently the most commonly used channel and poses a significant threat to both individuals and companies globally

show abstract

“…Social presence is a concept defining the subjective and psychological experience of how information richness influences the persuasive effects of email. Harrison, et al [18] constructed an experiment to examine the amount of social presence in email and its relation to phishing victimization. The information richness that they deploy shows how sophistications (i.e.…”

Section: Trust Victimization and Phishingmentioning

confidence: 99%

Multimodal Data Fusion and Behavioral Analysis Tooling for Exploring Trust, Trust-propensity, and Phishing Victimization in Online Environments

Hefley

Wethor

Hale

2018

Proceedings of the 51st Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Online environments, including email and social media platforms, are continuously threatened by malicious content designed by attackers to install malware on unsuspecting users and/or phish them into revealing sensitive data about themselves. Often slipping past technical mitigations (e.g. spam filters), attacks target the human element and seek to elicit trust as a means of achieving their nefarious ends. Victimized end-users lack the discernment, visual acuity, training, and/or experience to correctly identify the nefarious antecedents of trust that should prompt suspicion. Existing literature has explored trust, trust-propensity, and victimization, but studies lack data capture richness, realism, and/or the ability to investigate active user interactions. This paper defines a data collection and fusion approach alongside new open-sourced behavioral analysis tooling that addresses all three factors to provide researchers with empirical, evidence-based, insights into active end-user trust behaviors. The approach is evaluated in terms of comparative analysis, run-time performance, and fused data accuracy.

show abstract

Examining the Impact of Presence on Individual Phishing Victimization

Cited by 30 publications

References 19 publications

Got Phished? Internet Security and Human Vulnerability

Got Phished? Internet Security and Human Vulnerability

Don’t click: towards an effective anti-phishing training. A comparative literature review

Multimodal Data Fusion and Behavioral Analysis Tooling for Exploring Trust, Trust-propensity, and Phishing Victimization in Online Environments

Contact Info

Product

Resources

About