Abstract

Organizations are increasingly becoming the target of phishing attacks, and victimization is typically accompanied by financial loss, disclosure of private information, and reputational damage. Building on existing persuasion and phishing literature, we argue that shared industry practices, values, and assumptions alter the effectiveness of phishing influence techniques. We tested our hypotheses with a quasi-experiment (n = 10,967) using a secondary dataset containing the results of mock phishing attacks sent to 30 finance and 15 non-finance organizations. Results demonstrated variability in susceptibility to phishing influence techniques due to industry. Consistent with our theorizing, phishing techniques such as liking were more effective among non-finance organizations and social proof, reciprocity, and authority were more effective among finance organizations. These findings address past inconsistencies in empirical phishing research and offer support for a more nuanced perspective concerning phishing susceptibility due to industry characteristics. Theoretical and practical implications are discussed.

Share

COinS