2019
DOI: 10.2139/ssrn.3317498
|View full text |Cite
|
Sign up to set email alerts
|

Why Employees (Still) Click on Phishing Links: An Investigation in Hospitals

Abstract: Background: Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients. Objective: This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data. Methods: We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrati… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
20
0

Year Published

2020
2020
2022
2022

Publication Types

Select...
6
1

Relationship

0
7

Authors

Journals

citations
Cited by 10 publications
(20 citation statements)
references
References 92 publications
0
20
0
Order By: Relevance
“…For example, we suspect that the importance of factors may be specific to attack scenarios. This is supported by two very recent studies: van der Heijden and Allodi ( 2019 ) observed that certain short-term and long-term factors (e.g., workload) may be exploited to wage phishing attacks because malicious emails can coincide with high email volume; and Jalali et al ( 2020 ) showed that certain short-term and long-term factors (e.g., high workload and lack of expertise) are two important factors against medical workers. For example, Insight 6 says that awareness and general technical knowledge do not necessarily reduce one's susceptibility to social engineering cyberattacks; however, this may not hold when taking awareness and human cognition functions into consideration.…”
Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning
confidence: 76%
See 1 more Smart Citation
“…For example, we suspect that the importance of factors may be specific to attack scenarios. This is supported by two very recent studies: van der Heijden and Allodi ( 2019 ) observed that certain short-term and long-term factors (e.g., workload) may be exploited to wage phishing attacks because malicious emails can coincide with high email volume; and Jalali et al ( 2020 ) showed that certain short-term and long-term factors (e.g., high workload and lack of expertise) are two important factors against medical workers. For example, Insight 6 says that awareness and general technical knowledge do not necessarily reduce one's susceptibility to social engineering cyberattacks; however, this may not hold when taking awareness and human cognition functions into consideration.…”
Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning
confidence: 76%
“…For example, when an employee attempts to manage several tasks simultaneously (e.g., reply to hundreds of emails in the email inbox while answering calls and an occasional request from the boss), the employee is more likely to overlook cues in phishing messages that might indicate deception. A study that examined actual phishing behavior by sending employees an innocuous phishing email, found that self-perceived work overload was positively associated with the likelihood of clicking on the phishing link (Jalali et al, 2020 ). Vishwanath et al ( 2011 ) investigate the effect of information processing and user's vulnerability to phishing.…”
Section: Victim Cognition Through the Lens Of Social Engineering Cmentioning
confidence: 99%
“…Even when the decision-making style is not the main cause of a successful phishing attack, it can be one of the factors that determine the success or failure of the attack. For instance, the target user might decide to share sensitive, personal information in one of the phishing steps [8,[49][50][51]. A target user might open a phishing email and click on the link as a result of their risk-taking behaviour but may submit their sensitive, personal information on the phishing website due to their decision-making style.…”
Section: B Decision-making Stylementioning
confidence: 99%
“…[13,14]. Nevertheless, the mentioned solutions cannot stop all phishing attempts [2,15]. Scammers design new campaigns to lure victims into falling to phishing by exploiting human psychological weaknesses.…”
Section: Introductionmentioning
confidence: 99%