Phishing attempts among the dark triad: Patterns of attack and vulnerability

Curtis, Shelby R.; Rajivan, Prashanth; Jones, Daniel N.; González, Cleotilde

doi:10.1016/j.chb.2018.05.037

Cited by 51 publications

(19 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This mirrors previous research (e.g. [26], [27]) that has also used a scale response method to emulate the range of response behaviors that a user may engage in, each of which carries with it a varying level of vulnerability. For example, simply opening the email itself carries a level of risk if embedded images are automatically downloaded, whilst clicking on the link within an email shows a greater level of vulnerability, but entering personal details on a linked web page demonstrates an even higher level.…”

Section: Introductionsupporting

confidence: 69%

Email fraud: The search for psychological predictors of susceptibility

et al. 2019

View full text Add to dashboard Cite

Decisions that we make about email legitimacy can result in a pernicious threat to security of both individuals and organisations. Yet user response to phishing emails is far from uniform; some respond while others do not. What is the source of this diversity in decision-making? From a psychological perspective, we consider cognitive and situational influences that might explain why certain users are more susceptible than others. Alongside an email judgment task employed as a proxy for fraud susceptibility, 224 participants completed a range of cognitive tasks. In addition, we manipulated time pressure for email legitimacy judgments. We identify cognitive reflection and sensation seeking as significant, albeit modest, predictors of susceptibility. Further to this, participants asked to make quicker responses made more judgment errors. We conclude there are cognitive signatures that partially contribute to email fraud susceptibility, with implications for efforts to limit online security breaches and train secure behaviors.

show abstract

Section: Introductionsupporting

confidence: 69%

Email fraud: The search for psychological predictors of susceptibility

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Other studies concentrated on phishing scams to identify the influence of individual differences and other factors, such as demographics, on a user's response to phishing attempts or phishing susceptibility [31][32][33][34]. While most of the studies investigated the effects of individual differences on a user's responses to phishing in general, the present study concentrates on the effects of user's behaviour during the different steps of a phishing process.…”

Section: Background and Hypothesis Developmentmentioning

confidence: 99%

“…The participants in the study were 62.2% female (84 participants) and 37.8% male (51 participants). Age ranged from 18 to 45 years old (three age groups of 18-25, [26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41][42][43][44][45]. All the participants were university students, researchers, or had recently completed one level of higher-level education and were preparing to continue their education.…”

Section: A Demographicsmentioning

confidence: 99%

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

et al. 2021

View full text Add to dashboard Cite

Prior studies have shown that the behaviours and attitudes of Internet users influence the likelihood of being victimised by phishing attacks. Many scammers design a step-by-step approach to phishing in order to gain the potential victim's trust and convince them to take the desired actions. It is important to understand which behaviours and attitudes can influence following the attacker in each step of a phishing scam. This will enable us to identify the root causes of phishing and to develop specific mitigation plans for each step of the phishing process and to increase prevention points. This study investigates to what extent people's risk-taking and decision-making styles influence the likelihood of phishing victimisation in three specific phishing steps. We asked participants to play a risk-taking game and to answer questions related to two psychological scales to measure their behaviours, and then conducted a simulated phishing campaign to assess their phishability throughout the three phishing steps selected. We find that the attitude to risk-taking and gender can predict users' phishability in the different steps selected. There are however other possible direct and indirect behavioural factors that could be investigated in future studies. The results of this study and the model developed can be used to build a comprehensive framework to prevent the success of phishing attempts, starting from their root causes.

show abstract

“…They believe that logo extraction can be improved in the future. Authors in Curtis et al [ 21 ] introduced the dark triad attacker’s concepts. They used a dark triad score to complete the 27 items short dark triad with both attackers.…”

Section: Literature Surveymentioning

confidence: 99%

A comprehensive survey of AI-enabled phishing attacks detection techniques

et al. 2020

View full text Add to dashboard Cite

In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client’s sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain.

show abstract

Phishing attempts among the dark triad: Patterns of attack and vulnerability

Cited by 51 publications

References 36 publications

Email fraud: The search for psychological predictors of susceptibility

Email fraud: The search for psychological predictors of susceptibility

Phishing Happens Beyond Technology: The Effects of Human Behaviors and Demographics on Each Step of a Phishing Process

A comprehensive survey of AI-enabled phishing attacks detection techniques

Contact Info

Product

Resources

About