Phishing emails are communications that are sent out in mass and are designed with the goal of obtaining sensitive information, installing malware on a user's machine, or gaining access to a network. Training users about the dangers of phishing emails is common in organizations, but users will still frequently fall victim to phishing attacks. Organizations may feel that they are doing the necessary actions, such as providing user security training, to mitigate the risk of users' lack of secure behavior. Organizations are faced with the challenge of the human element; the most undependable and uncontrollable part of an information system. As time has progressed, corporations are beginning to understand that they must put measures and controls into their security IT to mitigate the possible problems that arise from human interaction with IT. This research attempts to explore suspicion as it relates to emails and how-to better train individuals to recognize illegitimate emails.
Coppola, Jonathan and House, Deanna, "Suspicion in Phishing and Organization Risk" (2019). SAIS 2019 Proceedings. 40.