PACIS 2019 Proceedings


Hackers who engage in phishing manipulate their victims into revealing confidential information by exploiting their motives, habits and cognitive biases. Drawing on heuristic-systematic processing and anchoring effects, this study examines how the contextualisation of phishing messages, by modifying their framing and content, affects individual susceptibility to phishing. This study also investigates if there is a discrepancy between how individuals believe they will react to phishing attempts and their actual reactions. Using two fake phishing campaigns and an online survey, we find that individuals are more susceptible to phishing attempts when the phishing messages they receive are specific to their context, thereby appealing to their psychological vulnerabilities. There is also a significant gap between how individuals believe they will react and their actual reactions to phishing attempts. Finally, we find that these results vary by gender.