<b>Research Note</b>—Influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance

Wright, Ryan; Jensen, Matthew L.; Thatcher, Jason Bennett; Dinger, Michael; Marett, Kent

doi:10.1287/isre.2014.0522

Cited by 118 publications

(112 citation statements)

References 68 publications

Supporting

Mentioning

103

Contrasting

Order By: Relevance

“…However, research did not come to any strong conclusions about which techniques are the most effective (Sundie, Cialdini, Griskevicius, & Kenrick, 2012). In that context, it seems that each technique's effectiveness is result of the context and the way in which it is employed (Ryan T Wright et al, 2014). Consequently, we have little insight into which technique will be the most effective in a phishing context where we have no clarity on the message source (Ryan T Wright et al, 2014).…”

Section: Theoretical Backgroundmentioning

confidence: 98%

“…Some influence techniques were found to be more effective than others. Specifically, phishing influence techniques that relied on fictitious prior shared experience were found to be less effective than techniques offering a high level of selfdetermination (Ryan T Wright, Jensen, Thatcher, Dinger, & Marett, 2014). Overall, influence techniques, supported by persuasion and motivation theories, can be split into six different categories: liking, reciprocity, social proof, consistency, authority, and scarcity (Cialdini & James, 2009).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

“…In that context, it seems that each technique's effectiveness is result of the context and the way in which it is employed (Ryan T Wright et al, 2014). Consequently, we have little insight into which technique will be the most effective in a phishing context where we have no clarity on the message source (Ryan T Wright et al, 2014). This is particularly true in the SNSs context, where employees generally think that they can easily identify and avoid phishing attacks.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

See 2 more Smart Citations

The dark side of social networking sites:Understanding phishing risks

Silic

Bäck

2016

Computers in Human Behavior

View full text Add to dashboard Cite

LinkedIn, with over 1.5 million Groups, has become a popular place for business employees to create private groups to exchange information and communicate. Recent research on social networking sites (SNSs) has widely explored the phenomenon and its positive effects on firms. However, social networking's negative effects on information security were not adequately addressed. Supported by the credibility, persuasion and motivation theories, we conducted 1) a field experiment, demonstrating how sensitive organizational data can be exploited, followed by 2) a qualitative study of employees engaged in SNSs activities; and 3) interviews with Chief Information Security Officers (CISOs). Our research has resulted in four main findings: 1) employees are easily deceived and susceptible to victimization on SNSs where contextual elements provide psychological triggers to attackers; 2) organizations lack mechanisms to control SNS online security threats, 3) companies need to strengthen their information security policies related to SNSs, where stronger employee identification and authentication is needed, and 4) SNSs have become important security holes where, with the use of social engineering techniques, malicious attacks are easily facilitated.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 98%

Section: Theoretical Backgroundmentioning

confidence: 99%

Section: Theoretical Backgroundmentioning

confidence: 99%

See 1 more Smart Citation

The dark side of social networking sites:Understanding phishing risks

Silic

Bäck

2016

Computers in Human Behavior

View full text Add to dashboard Cite

show abstract

“…Recently, ISec research has turned to collective intelligence via knowledge management systems to leverage the human element by creating human firewalls in identifying malicious email [20]. Leveraging humans and engaging them as an effective countermeasure has proven elusive since it requires them to pay attention to information security warnings, phishing emails, information security training, and notifications [21,36,45,48,49].…”

Section: Attention To Cybersecuritymentioning

confidence: 99%

Can Trust be Trusted in Cybersecurity?

Pienta¹,

Tams²,

Thatcher³

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Human compliance in cybersecurity continues to be a persistent problem for organizations. This researchin-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying (e.g., hiring, championing, vouching.) the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance through organizational actions. Additionally, understanding is provided on how to combat the negative effects of trust. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. By developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.

show abstract

“…When phishers succeed in convincing the receivers that the mail is authentic, the next step is to persuade the recipient that sharing personal information is required. Here, social engineering strategies that have proven to be effective are 'liking' (i.e., pretending to be a person, organization or company the recipient likes and trusts) (Jagatic et al, 2007;Wright et al, 2014), 'reciprocity' (i.e., giving people the impression they have to return a favor), 'social proof' (i.e., claiming other people have shared their personal details as well), 'scarcity' (i.e., giving the impression that an opportunity is limited) (Wright et al, 2014) and 'authority' (i.e., pretending to be an authority figure) (Butavicius et al, 2015).…”

Section: Characteristics Of the Phishing Messagementioning

confidence: 99%

You’ve got mail! Explaining individual differences in becoming a phishing target

Kimpe

Walrave

Hardyns

et al. 2018

Telematics and Informatics

View full text Add to dashboard Cite

A B S T R A C TAlthough phishing is a form of cybercrime that internet users get confronted with rather frequently, many people still get deceived by these practices. Since receiving phishing e-mails is an important prerequisite of victimization, this study focusses on becoming a phishing target. More precisely, we use an integrative lifestyle exposure model to study the effects of risky online routine activities that make a target more likely to come across a motivated offender. Insights of the lifestyle exposure model are combined with propensity theories in order to determine which role impulsivity plays in phishing targeting. To achieve these objectives, data collected in 2016 from a representative sample (n = 723) were used. Support was found for a relationship between both online purchasing behavior and digital copying behavior, and phishing targeting. Moreover, a relationship was found between all online activities (except for online purchasing behavior) and impulsivity. The present study thus suggests that especially online shoppers and users who often share and use copied files online should be trained to deal with phishing attacks appropriately.

show abstract

Research Note—Influence Techniques in Phishing Attacks: An Examination of Vulnerability and Resistance

Cited by 118 publications

References 68 publications

The dark side of social networking sites:Understanding phishing risks

The dark side of social networking sites:Understanding phishing risks

Can Trust be Trusted in Cybersecurity?

You’ve got mail! Explaining individual differences in becoming a phishing target

Contact Info

Product

Resources

About