Cyber-security, Privacy and Ethics of IS
Loading...
Paper Number
1203
Paper Type
Completed
Description
Despite sophisticated phishing email detection systems, and training and awareness programs, humans continue to be tricked by phishing emails. In an attempt to better understand why phishing email attacks still work and how best to mitigate them, we have carried out an empirical study to investigate people’s thought processes when reading their emails. We used a scenario-based role-play “think aloud” method and follow-up interviews to collect data from 19 participants. The experiment was conducted using a simulated web email client, and real phishing and legitimate emails adapted to the given scenario. The analysis of the collected data has enabled us to identify eleven factors that influence people’s response decisions to both phishing and legitimate emails. Furthermore, based on the user study findings, we discuss novel insights into flaws in the general email decision-making behaviors that could make people susceptible to phishing attacks.
Recommended Citation
Jayatilaka, Asangi; Arachchilage, Nalin Asanka Gamagedara; and Ali Babar, M., "Falling for Phishing: An Empirical Investigation into People’s Email Response Behaviors" (2021). ICIS 2021 Proceedings. 1.
https://aisel.aisnet.org/icis2021/cyber_security/cyber_security/1
Falling for Phishing: An Empirical Investigation into People’s Email Response Behaviors
Despite sophisticated phishing email detection systems, and training and awareness programs, humans continue to be tricked by phishing emails. In an attempt to better understand why phishing email attacks still work and how best to mitigate them, we have carried out an empirical study to investigate people’s thought processes when reading their emails. We used a scenario-based role-play “think aloud” method and follow-up interviews to collect data from 19 participants. The experiment was conducted using a simulated web email client, and real phishing and legitimate emails adapted to the given scenario. The analysis of the collected data has enabled us to identify eleven factors that influence people’s response decisions to both phishing and legitimate emails. Furthermore, based on the user study findings, we discuss novel insights into flaws in the general email decision-making behaviors that could make people susceptible to phishing attacks.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
07-Security