To Click or Not to Click? Deciding to Trust or Distrust Phishing Emails

Arduin, Pierre‐Emmanuel

doi:10.1007/978-3-030-46224-6_6

Cited by 4 publications

(2 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we first describe the experimental protocol we used to conduct a study with 249 participants on how they interpreted phishing emails, and then decided to trust or distrust them. Second, we discuss the results that were already partially presented by Arduin (2020) during the EWG‐DSS

\text{sixth}

ICDSST 2020 “Cognitive Decision Support Systems and Technologies” held by the Faculty of Economics and Business, Zaragoza, Spain. Third, we present some examples of “trust‐optimized” phishing emails and discuss the limits and ethical implications of this research.…”

Section: Research Proposal and Experimental Protocolmentioning

confidence: 99%

A cognitive approach to the decision to trust or distrust phishing emails

Arduin

2021

Int Trans Operational Res

View full text Add to dashboard Cite

When interacting with computers or digital artifacts, individuals tend to replicate interpersonal trust and distrust mechanisms to calibrate their trust. Such mechanisms involve cognitive processes that individuals rely on before making a decision to trust or distrust. With the worldwide increase in email traffic, both the academic literature and professionals warn of insider threats, that is, coming from inside an organization, in particular those created by legitimate users who have decided to trust a phishing email. This article offers a cognitive approach to the decision whether to trust a phishing email. After reviewing the literature on decision making concerning a cognitive perspective, interpretation, trust, distrust, online deception, and insider threats, we present a study conducted on 249 participants designed to ascertain how they interpreted phishing emails and decided whether or not to trust them. We noted that certain elements eliciting trust or distrust remained invariable regardless of the participant. We show examples of phishing emails designed to maximize (or minimize) the decision to trust (or distrust), and lastly consider the limitations and ethical questions raised by this research.

show abstract

\text{sixth}

Section: Research Proposal and Experimental Protocolmentioning

confidence: 99%

A cognitive approach to the decision to trust or distrust phishing emails

Arduin

2021

Int Trans Operational Res

View full text Add to dashboard Cite

show abstract

“…Knowledge can be categorized into explicit and implicit knowledge. Explicit knowledge is usually gained through S Tian and Jensen [53] S Arduin [54] M learning and direct training, whereas implicit knowledge is gained from experiences, especially after encountering phishing attacks. Studies have found that, the more individuals are familiar with computers and technology, the more capable individuals would be in coping with phishing emails [57].…”

Section: A Stage One: Long-term Stablementioning

confidence: 99%

SoK: Human-Centered Phishing Susceptibility

Zhuo¹,

Biddle²,

Koh³

et al. 2022

Preprint

View full text Add to dashboard Cite

Phishing is recognised as a serious threat to organisations and individuals. While there have been significant technical advances in blocking phishing attacks, people remain the last line of defence after phishing emails reach their email client. Most of the existing literature on this subject has focused on the technical aspects related to phishing. However, the factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and we propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are involved in phishing detection and prevention, and we systematically investigate the phishing susceptibility variables studied in the literature and taxonomize them using our model. This model reveals several research gaps that need to be addressed to improve users' detection performance. We also propose a practical impact assessment of the value of studying the phishing susceptibility variables, and quality of evidence criteria. These can serve as guidelines for future research to improve experiment design, result quality, and increase the reliability and generalizability of findings.

show abstract

SoK: Human-centered Phishing Susceptibility

Zhuo

Biddle

Koh

et al. 2023

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Phishing is recognized as a serious threat to organizations and individuals. While there have been significant technical advances in blocking phishing attacks, end users remain the last line of defence after phishing emails reach their email inboxes. Most of the existing literature on this subject has focused on the technical aspects related to phishing. The factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and systematically categorised the phishing susceptibility variables studied. We classify variables based on their temporal scope which led us to propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are vulnerable to phishing attacks. This model reveals several research gaps that need to be addressed to understand and improve protection against phishing susceptibility. Our review also systematizes existing studies by their sample size and generalizability, and further suggests a practical impact assessment of the value of studying variables: some more easily lead to improvements than others. We believe that this paper can provide guidelines for future phishing susceptibility research to improve experiment design and the quality of findings.

show abstract

To Click or Not to Click? Deciding to Trust or Distrust Phishing Emails

Cited by 4 publications

References 50 publications

A cognitive approach to the decision to trust or distrust phishing emails

A cognitive approach to the decision to trust or distrust phishing emails

SoK: Human-Centered Phishing Susceptibility

SoK: Human-centered Phishing Susceptibility

Contact Info

Product

Resources

About