2018
DOI: 10.1371/journal.pone.0198213
|View full text |Cite
|
Sign up to set email alerts
|

Real or bogus: Predicting susceptibility to phishing with economic experiments

Abstract: We present a lab-in-the-field experiment to demonstrate how individual behavior in the lab predicts their ability to identify phishing attempts. Using the business and finance staff members from a large public university in the U.S., we find that participants who are intolerant of risk, more curious, and less trusting commit significantly more errors when evaluating interfaces. We also replicate prior results on demographic correlates of phishing vulnerability, including age, gender, and education level. Our r… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
7
1

Year Published

2018
2018
2024
2024

Publication Types

Select...
7

Relationship

0
7

Authors

Journals

citations
Cited by 11 publications
(8 citation statements)
references
References 26 publications
0
7
1
Order By: Relevance
“…5 , one can see that before obtaining the knowledge transfer associated with cybersecurity, the employees had a low level of cybersecurity awareness because more than 22% of the employees became victims of the phishing email by clicking on the malicious link provided in the phishing attack simulation. This is a higher number than the results of 12% and 20% as reported in Cranor ( 2018 ) and Chen et al ( 2018 ), respectively. After conducting the knowledge transfer processes using the mixed approach, it was found that the overall level of cybersecurity awareness of the employees for phishing improved significantly.…”
Section: Discussioncontrasting
confidence: 57%
See 1 more Smart Citation
“…5 , one can see that before obtaining the knowledge transfer associated with cybersecurity, the employees had a low level of cybersecurity awareness because more than 22% of the employees became victims of the phishing email by clicking on the malicious link provided in the phishing attack simulation. This is a higher number than the results of 12% and 20% as reported in Cranor ( 2018 ) and Chen et al ( 2018 ), respectively. After conducting the knowledge transfer processes using the mixed approach, it was found that the overall level of cybersecurity awareness of the employees for phishing improved significantly.…”
Section: Discussioncontrasting
confidence: 57%
“…According to a report on data breaches by Verizon, as in (Anstett, 2021 ), it was mentioned that 30% of phishing emails were read by the victims (Cranor, 2018 ). Also, it was reported that 12% of those victims clicked on fake websites or bogus attachments (Chen et al, 2018 ) and about 50,000 or 20% of the employees from a total of 250,000 employees in one well-known organization clicked on a malicious link. Based on breaches involving industries, it was announced by Verizon that about 10% of the breaches were in the financial industry (Verizon, 2019 ) causing significant financial loss not only to the financial companies but also to their customers and staff.…”
Section: Introductionmentioning
confidence: 99%
“…They found that participants who are intolerant of risk were more likely to regard legitimate interfaces as phishing. In contrast, participants who were more trusting and less curious performed better on a phishing security quiz [24]. In our study, we found that women, who are usually more risk-averse in cyber and other behaviours than men [25], [26], were only less susceptible if they had higher education levels.…”
Section: A Factors That Can Support Phishing Site Identificationmentioning
confidence: 52%
“…Under the guise of ignorance, individuals’ risk attitudes influence their final decision-making [ 68 ]. A risk attitude, for example, may influence one’s ability to recognise phishing attacks correctly [ 68 ].…”
Section: Research Model and Hypotheses Developmentmentioning
confidence: 99%