Individual processing of phishing emails: how attention and elaboration protect against phishing

Brynne Harrison; Elena Svetieva; Arun Vishwanath

doi:10.1108/OIR-04-2015-0106

Individual processing of phishing emails: how attention and elaboration protect against phishing

Brynne Harrison
, Elena Svetieva
, Arun Vishwanath^*

^*Autor correspondente para este trabalho

Resultado de pesquisa › revisão de pares

97 Citações (Scopus)

Resumo

Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.

Idioma original	English
Páginas (de-até)	265-281
Número de páginas	17
Revista	Online Information Review
Volume	40
Número de emissão	2
DOIs	https://doi.org/10.1108/OIR-04-2015-0106
Estado da publicação	Publicado - 11 abr. 2016

Acesso ao documento

10.1108/OIR-04-2015-0106

Outros arquivos e links

Link to publication in Scopus

Citação

@article{4e70a5ac5cea496f9579ce0b13a9fa56,

title = "Individual processing of phishing emails: how attention and elaboration protect against phishing",

abstract = "Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.",

keywords = "Experimental study, Online cognitive processing, Online deception, Phishing",

author = "Brynne Harrison and Elena Svetieva and Arun Vishwanath",

year = "2016",

month = apr,

day = "11",

doi = "10.1108/OIR-04-2015-0106",

language = "English",

volume = "40",

pages = "265--281",

journal = "Online Information Review",

issn = "1468-4527",

publisher = "Emerald Publishing",

number = "2",

}

TY - JOUR

T1 - Individual processing of phishing emails

T2 - how attention and elaboration protect against phishing

AU - Harrison, Brynne

AU - Svetieva, Elena

AU - Vishwanath, Arun

PY - 2016/4/11

Y1 - 2016/4/11

N2 - Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.

AB - Purpose - The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users' knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails. Design/methodology/approach - A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack. Findings - Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack. Research limitations/implications - The findings are generalizable to students who are a particularly vulnerable target of phishing attacks. Practical implications - The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud. Originality/value - This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.

KW - Experimental study

KW - Online cognitive processing

KW - Online deception

KW - Phishing

UR - https://www.scopus.com/pages/publications/84962381638

U2 - 10.1108/OIR-04-2015-0106

DO - 10.1108/OIR-04-2015-0106

M3 - Article

AN - SCOPUS:84962381638

SN - 1468-4527

VL - 40

SP - 265

EP - 281

JO - Online Information Review

JF - Online Information Review

IS - 2

ER -

Individual processing of phishing emails: how attention and elaboration protect against phishing

Resumo

Acesso ao documento

Outros arquivos e links

Impressão digital

Citação