Abstract

Phishing emails employ a multitude of persuasion techniques, which may include reward schemes (such as a gift coupon), losses (such as a social urgency), the commonality of email structure and design, or reference to a recent topic. These persuasion techniques appeal to individual users to respond and share personal information by clicking on the URL shared via the email. In this study, we conducted a detailed investigation through a social experiment and identified the predictors of phishing emails that make them trustworthy. We considered the following persuasion techniques: (a) loss-based, (b) reward-based, (c) design authenticity, and (d) reference to a relevant topic. Additionally, we considered whether the cyber-hygiene of the participants could moderate persuasive factors and mislead the user to click on the link. We grounded our findings in behavioral IS theories that explain human susceptibility to phishing. We recommend that loss-based persuasion and design similarity are the two most influential factors that contribute to phishing attacks. Further, the presence of prior cyber-hygiene knowledge and contextualized emails can moderate the actual user response towards phishing emails.


Why do I get phished? The role of persuasion, design authenticity and contextualization
