Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model

Authors:
Arun Vishwanath;Tejaswini Herath;Rui Chen;Jingguo Wang;H. Raghav Rao
Affiliations:
Department of Communication, Management Science and Systems, 333 Lord Christopher Baldy Hall, State University of New York at Buffalo, Buffalo, NY 14260, United States;Department of Finance, Operations and Information Systems, Brock University, Canada;Department of Information Systems and Operations Management, Ball State University, United States;Department of Information Systems and Operations Management, University of Texas at Arlington, United States;Management Science and Systems, State University of New York at Buffalo, United States
Venue:
Decision Support Systems
Year:
2011

Citing 13
Cited 2

Computer self-efficacy: development of a measure and initial test

MIS Quarterly
Admediation: New Horizons in Effective Email Advertising

Communications of the ACM
Cognitive style may mitigate the impact of communication mode

Information and Management
Risk profile and consumer shopping behavior in electronic and traditional channels

Decision Support Systems
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Social phishing

Communications of the ACM
Behavioral response to phishing risk

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
The impact of personality type on purchasing decisions in virtual stores

Information Technology and Management
Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security

Journal of the American Society for Information Science and Technology
Assessing anti-phishing preparedness: A study of online banks in Hong Kong

Decision Support Systems
Technical opinion: What drives the adoption of antiphishing measures by Hong Kong banks?

Communications of the ACM - A Blind Person's Interaction with Technology
What instills trust? a qualitative study of phishing

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security

OTO: online trust oracle for user-centric trust establishment

Proceedings of the 2012 ACM conference on Computer and communications security
A multi-tier phishing detection and filtering approach

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This research presents an integrated information processing model of phishing susceptibility grounded in the prior research in information process and interpersonal deception. We refine and validate the model using a sample of intended victims of an actual phishing attack. The data provides strong support for the model's theoretical structure and causative sequence. Overall, the model explains close to 50% of the variance in individual phishing susceptibility. The results indicate that most phishing emails are peripherally processed and individuals make decisions based on simple cues embedded in the email. Interestingly, urgency cues in the email stimulated increased information processing thereby short circuiting the resources available for attending to other cues that could potentially help detect the deception. Additionally, the findings suggest that habitual patterns of media use combined with high levels of email load have a strong and significant influence on individuals' likelihood to be phished. Consistent with social cognitive theory, computer self-efficacy was found to significantly influence elaboration, but its influence was diminished by domain specific-knowledge.