Brynne Harrison, Elena Svetieva and Arun Vishwanath
The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the…
Abstract
Purpose
The purpose of this paper is to explore user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization. The focus is on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails.
Design/methodology/approach
A field experiment was conducted where 194 subjects were exposed to a real phishing attack. The experimenters manipulated the contents of the message and measures of user traits and user processing were obtained after the phishing attack.
Findings
Of the original list of targets, 47 percent divulged their private information to a bogus form page. Phishing susceptibility was predicted by a particular combination of both low attention to the e-mail elements and high elaboration of the phishing message. The presence of a threat or reward-based phishing message did not affect these processes, nor did it affect subsequent phishing susceptibility. Finally, individual factors such as knowledge and experience with e-mail increased resilience to the phishing attack.
Research limitations/implications
The findings are generalizable to students who are a particularly vulnerable target of phishing attacks.
Practical implications
The results presented in this study provide pragmatic recommendations for developing user-centered interventions to thwart phishing attacks. Lastly the authors suggest more effective educational efforts to protect individuals from such online fraud.
Originality/value
This study provides novel insight into why phishing is successful, the human factor in susceptibility to online deception as well the role of information processing in effective decision making in this context. Based on the findings, the authors dispel common misconceptions about phishing and discuss more effective educational efforts to protect individuals from such online fraud.
Details
Keywords
That ice‐creams prepared with dirty materials and under dirty conditions will themselves be dirty is a proposition which, to the merely ordinary mind, appears to be sufficiently…
Abstract
That ice‐creams prepared with dirty materials and under dirty conditions will themselves be dirty is a proposition which, to the merely ordinary mind, appears to be sufficiently obvious without the institution of a series of elaborate and highly “scientific” experiments to attempt to prove it. But, to the mind of the bacteriological medicine‐man, it is by microbic culture alone that anything that is dirty can be scientifically proved to be so. Not long ago, it having been observed that the itinerant vendor of ice‐creams was in the habit of rinsing his glasses, and, some say, of washing himself—although this is doubtful—in a pail of water attached to his barrow, samples of the liquor contained by such pails were duly obtained, and were solemnly submitted to a well‐known bacteriologist for bacteriological examination. After the interval necessary for the carrying out of the bacterial rites required, the eminent expert's report was published, and it may be admitted that after a cautious study of the same the conclusion seems justifiable that the pail waters were dirty, although it may well be doubted that an allegation to this effect, based on the report, would have stood the test of cross‐examination. It is true that our old and valued friend the Bacillus coli communis was reported as present, but his reputation as an awful example and as a producer of evil has been so much damaged that no one but a dangerous bacteriologist would think of hanging a dog—or even an ice‐cream vendor—on the evidence afforded by his presence. A further illustration of bacteriological trop de zèle is afforded by the recent prosecutions of some vendors of ice‐cream, whose commodities were reported to contain “millions of microbes,” including, of course, the in‐evitable and ubiquitous Bacillus coli very “communis.” To institute a prosecution under the Sale of Food and Drugs Act upon the evidence yielded by a bacteriological examination of ice‐cream is a proceeding which is foredoomed, and rightly foredoomed, to failure. The only conceivable ground upon which such a prosecution could be undertaken is the allegation that the “millions of microbes ” make the ice‐cream injurious to health. Inas‐much as not one of these millions can be proved beyond the possibility of doubt to be injurious, in the present state of knowledge; and as millions of microbes exist in everything everywhere, the breakdown of such a case must be a foregone conclusion. Moreover, a glance at the Act will show that, under existing circumstances at any rate, samples cannot be submitted to public analysts for bacteriological examination—with which, in fact, the Act has nothing to do—even if such examinations yielded results upon which it would be possible to found action. In order to prevent the sale of foul and unwholesome or actual disease‐creating ice‐cream, the proper course is to control the premises where such articles are prepared; while, at the same time, the sale of such materials should also be checked by the methods employed under the Public Health Act in dealing with decomposed and polluted articles of food. In this, no doubt, the aid of the public analyst may sometimes be sought as one of the scientific advisers of the authority taking action, but not officially in his capacity as public analyst under the Adulteration Act. And in those cases in which such advice is sought it may be hoped that it will be based, as indeed it can be based, upon something more practical, tangible and certain than the nebulous results of a bacteriological test.