Contextual Influences on Phishing Susceptibility: A Qualitative Comparative Analysis

Authors

Fabian Hable
Bart van den Hooff
Nina-Birte Schirrmacher

Abstract

Phishing represents a pervasive form of social engineering, whereby the objective is to gain access to sensitive personal information through the use of deceptive emails. Despite extensive research on the internal factors – those inherent to the prospective target and beyond the control of organizational interventions – influencing phishing susceptibility, there has been comparatively little investigation of the external factors in a corporate setting. This study examined the influence of external factors, such as organizational context, environmental conditions, and the phishing attack itself, on phishing susceptibility within a corporate context. Towards this, a phishing campaign was conducted in a European-based manufacturing company. To identify all relevant external factors, we conducted interviews with employees targeted by the campaign and used a grounded theory approach. Next, we will investigate how configurations of external factors influence employee phishing susceptibility using a fuzzy-set qualitative comparative analysis (fsQCA). Thereby, this study seeks to contribute to the literature on phishing susceptibility.

Recommended Citation

Hable, Fabian; van den Hooff, Bart; and Schirrmacher, Nina-Birte, "Contextual Influences on Phishing Susceptibility: A Qualitative Comparative Analysis" (2024). WISP 2024 Proceedings. 13.
https://aisel.aisnet.org/wisp2024/13