Paper Type
Complete
Abstract
Phishing remains a substantial threat, particularly in the context of email phishing. This study examines phishing susceptibility within an organizational setting, exploring how contextual factors influence cognitive processing and subsequent behavioral responses. While extant research has predominantly utilized quantitative methodologies to examine attack and target factors, our qualitative, exploratory approach integrates a realistic phishing campaign with in-depth interviews to reveal the role of context. The study's findings underscore that organizational context, such as the anticipation of a new CEO's arrival, can enhance the credibility of phishing emails, prompting heuristic processing even among security-aware employees. In addition, high workload has been shown to result in heuristic processing, as well as in postponed evaluation and more systematic processing, thereby reducing phishing susceptibility. Furthermore, the study underscores the influence of technical security and security awareness on susceptibility, emphasizing the necessity for context-aware defense strategies in corporate settings.
Paper Number
1478
Recommended Citation
Hable, Fabian; Schirrmacher, Nina-Birte; and van den Hooff, Bart, "Phishing Attacks in Context: Organizational Factors Shaping Phishing Susceptibility" (2025). AMCIS 2025 Proceedings. 26.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/26
Phishing Attacks in Context: Organizational Factors Shaping Phishing Susceptibility
Comments
SIGSEC