TY - JOUR
T1 - Individual processing of phishing emails
T2 - how attention and elaboration protect against phishing
AU - Harrison, Brynne
AU - Svetieva, Elena
AU - Vishwanath, Arun
N1 - Publisher Copyright:
© Emerald Group Publishing Limited 2016.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 2016/4/11
Y1 - 2016/4/11
N2 - Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.
AB - Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.
KW - Experimental study
KW - Online cognitive processing
KW - Online deception
KW - Phishing
UR - http://www.scopus.com/inward/record.url?scp=84962381638&partnerID=8YFLogxK
U2 - 10.1108/OIR-04-2015-0106
DO - 10.1108/OIR-04-2015-0106
M3 - Article
AN - SCOPUS:84962381638
SN - 1468-4527
VL - 40
SP - 265
EP - 281
JO - Online Information Review
JF - Online Information Review
IS - 2
ER -