Location
260-005, Owen G. Glenn Building
Start Date
12-15-2014
Description
Phishing threatens the information security of Internet users and corporations. Where most research focuses on the phisher’s website, i.e., how to determine if a website is legitimate, this study examines the email that begins the phishing process. To understand why Internet consumers respond to phisher’s emails by sharing sensitive information, we draw on models of e-commerce deception to explain the efficacy of phishing strategies. To test our hypotheses, we conducted a field experiment that manipulated the content of phishing emails. Consistent with our hypotheses, we found content manipulations improved the likelihood of our subjects’ conveying sensitive information. Further, we found that cognitive processes can influence a consumer’s likelihood of being deceived. However, hypotheses about deception support mechanisms and presentation manipulations were not supported. In sum, we find support for the general theory of ecommerce deception as well as our cognitive processing explanations for phishing’s effectiveness.
Recommended Citation
Wright, Ryan; Marett, Kent; and Thatcher, Jason, "Extending Ecommerce Deception Theory to Phishing" (2014). ICIS 2014 Proceedings. 16.
https://aisel.aisnet.org/icis2014/proceedings/ISSecurity/16
Extending Ecommerce Deception Theory to Phishing
260-005, Owen G. Glenn Building
Phishing threatens the information security of Internet users and corporations. Where most research focuses on the phisher’s website, i.e., how to determine if a website is legitimate, this study examines the email that begins the phishing process. To understand why Internet consumers respond to phisher’s emails by sharing sensitive information, we draw on models of e-commerce deception to explain the efficacy of phishing strategies. To test our hypotheses, we conducted a field experiment that manipulated the content of phishing emails. Consistent with our hypotheses, we found content manipulations improved the likelihood of our subjects’ conveying sensitive information. Further, we found that cognitive processes can influence a consumer’s likelihood of being deceived. However, hypotheses about deception support mechanisms and presentation manipulations were not supported. In sum, we find support for the general theory of ecommerce deception as well as our cognitive processing explanations for phishing’s effectiveness.