A pilot study of cyber security and privacy related behavior and personality traits

Recent research has begun to focus on the factors that cause people to respond to phishing attacks as well as affect user behavior on social networks. This study examines the correlation between the Big Five personality traits and email phishing response. Another aspect examined is how these factors relate to users' tendency to share information and protect their privacy on Facebook (which is one of the most popular social networking sites). This research shows that when using a prize phishing email, neuroticism is the factor most correlated to responding to this email, in addition to a gender-based difference in the response. This study also found that people who score high on the openness factor tend to both post more information on Facebook as well as have less strict privacy settings, which may cause them to be susceptible to privacy attacks. In addition, this work detected no correlation between the participants estimate of being vulnerable to phishing attacks and actually being phished, which suggests susceptibility to phishing is not due to lack of awareness of the phishing risks and that real-time response to phishing is hard to predict in advance by online users. The goal of this study is to better understand the traits that contribute to online vulnerability, for the purpose of developing customized user interfaces and secure awareness education, designed to increase users' privacy and security in the future.

[1]  R. McCrae,et al.  An introduction to the five-factor model and its applications. , 1992, Journal of personality.

[2]  Claire A. Hill,et al.  A Cognitive Theory of Trust , 2005 .

[3]  H. Nordvik,et al.  BMC Psychiatry BioMed Central Research article Five-factor model personality traits in opioid dependence , 2007 .

[4]  Mark S. Ackerman,et al.  Beyond Concern: Understanding Net Users' Attitudes About Online Privacy , 1999, ArXiv.

[5]  Shriram Krishnamurthi,et al.  Oops, I did it again: mitigating repeated access control errors on facebook , 2011, CHI.

[6]  Lorrie Faith Cranor,et al.  Teaching Johnny not to fall for phish , 2010, TOIT.

[7]  F. Prins,et al.  The relation between learning styles, the Big Five personality traits and achievement motivation in higher education , 1998 .

[8]  Daniele Quercia,et al.  The personality of popular facebook users , 2012, CSCW.

[9]  Y. Amichai-Hamburger,et al.  Loneliness and Internet use , 2003, Comput. Hum. Behav..

[10]  Markus Jakobsson,et al.  Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft , 2006 .

[11]  A. Tversky,et al.  Prospect theory: an analysis of decision under risk — Source link , 2007 .

[12]  Ponnurangam Kumaraguru,et al.  Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.

[13]  Manfred Tscheligi,et al.  Personality traits, usage patterns and information disclosure in online communities , 2009, BCS HCI.

[14]  Bernhard Debatin,et al.  Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences , 2009, J. Comput. Mediat. Commun..

[15]  Yair Amichai-Hamburger,et al.  18. Loneliness and Internet Use , 2013 .

[16]  M. Jakobsson,et al.  Designing and Conducting Phishing Experiments , 2006 .

[17]  Thomas A. Widiger,et al.  Five factor model of personality disorder: Integrating science and practice , 2005 .

[18]  S. Rothmann,et al.  THE BIG FIVE PERSONALITY DIMENSIONS AND JOB PERFORMANCE , 2003 .

[19]  Samuel D. Gosling,et al.  Manifestations of Personality in Online Social Networks: Self-Reported Facebook-Related Behaviors and Observable Profile Information , 2011, Cyberpsychology Behav. Soc. Netw..

[20]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[21]  Christian End,et al.  Unrealistic optimism in internet events , 2007, Comput. Hum. Behav..

[22]  P. Costa,et al.  Four ways five factors are basic , 1992 .

[23]  A. Tversky,et al.  Prospect theory: analysis of decision under risk , 1979 .

[24]  Y. Hamburger,et al.  The relationship between extraversion and neuroticism and the different uses of the Internet. , 2000 .

[25]  Peter Fischer,et al.  The psychology of scams: Provoking and committing errors of judgement , 2009 .

[26]  Julia Hirschberg,et al.  Personality factors in human deception detection: comparing human to machine performance , 2006, INTERSPEECH.

[27]  Kimberly Young,et al.  Internet Addiction: The Emergence of a New Clinical Disorder , 1998, Cyberpsychology Behav. Soc. Netw..

[28]  Markus Jakobsson,et al.  Designing ethical phishing experiments , 2007, IEEE Technology and Society Magazine.

[29]  S. Lea,et al.  How Neurotic are Scam Victims, Really? The Big Five and Internet Scams , 2012 .

[30]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.