Why They Ignore English Emails: The Challenges of Non-Native Speakers in Identifying Phishing Emails

Prior work in cybersecurity and risk management has shown that non-native speakers of the language used in phishing emails are more susceptible to such attacks. Despite much research on behaviors English speakers use to avoid phishing attacks, little is known about behaviors of non-native speakers. Therefore, we conducted an online survey with 862 nonnative English speakers (284 Germans, 276 South Koreans, and 302 Japanese). Our findings show that participants, especially those who lacked confidence in English, had a higher tendency to ignore English emails without careful inspection than emails in their native languages. Furthermore, both the German and South Korean participants generally followed the instructions in the email in their native languages without careful inspection. Finally, our qualitative analysis revealed five main factors that formed the participants’ concerns in identifying English phishing emails. These findings highlight the importance of providing non-native speakers with specific anti-phishing interventions that differ from those for native speakers.

[1]  Carsten Maple,et al.  Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic , 2020, Computers & Security.

[2]  Melanie Volkamer,et al.  Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice and very narrow attack vector , 2020, 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[3]  Martin Shelton,et al.  Measuring Identity Confusion with Uniform Resource Locators , 2020, CHI.

[4]  Kami Vaniea,et al.  What is this URL's Destination? Empirical Evaluation of Users' URL Reading , 2020, CHI.

[5]  Kathryn B. Laskey,et al.  Experimental Investigation of Demographic Factors Related to Phishing Susceptibility , 2020, HICSS.

[6]  Rakesh M. Verma,et al.  SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective , 2019, IEEE Communications Surveys & Tutorials.

[7]  Marcus Nohlberg,et al.  The Language Effect in Phishing Susceptibility , 2020, STPIS.

[8]  Mitsuaki Akiyama,et al.  Comparative Analysis of Three Language Spheres: Are Linguistic and Cultural Differences Reflected in Password Selection Habits? , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[9]  Luca Allodi,et al.  Cognitive Triaging of Phishing Attacks , 2019, USENIX Security Symposium.

[10]  Kristen Greene,et al.  A Phish Scale: Rating Human Phishing Message Detection Difficulty , 2019, Proceedings 2019 Workshop on Usable Security.

[11]  Elissa M. Redmiles "Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[12]  Harminder Singh,et al.  How Contextualisation Affects the Vulnerability of Individuals to Phishing Attempts , 2019, PACIS.

[13]  Tian Lin,et al.  Susceptibility to Spear-Phishing Emails: Effects of Internet User Demographics and Email Content , 2019, ACM Trans. Comput. Hum. Interact..

[14]  Adam N. Joinson,et al.  Exploring susceptibility to phishing in the workplace , 2018, International Journal of Human-Computer Studies.

[15]  Cleotilde González,et al.  Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks , 2018, Front. Psychol..

[16]  Kristen K. Greene,et al.  User Context : An Explanatory Variable in Phishing Susceptibility , 2018 .

[17]  Yada Zhu,et al.  Social Phishing , 2018, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..

[18]  David B. Rear The language deficit: a comparison of the critical thinking skills of Asian students in first and second language contexts , 2017 .

[19]  Pieter H. Hartel,et al.  How Effective is Anti-Phishing Training for Children? , 2017, SOUPS.

[20]  James Nicholson,et al.  Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection , 2017, SOUPS.

[21]  Tian Lin,et al.  Dissecting Spear Phishing Emails for Older vs Young Adults: On the Interplay of Weapons of Influence and Life Domains in Predicting Susceptibility to Phishing , 2017, CHI.

[22]  Akira Yamada,et al.  Self-Confidence Trumps Knowledge: A Cross-Cultural Study of Security Behavior , 2017, CHI.

[23]  Rakesh M. Verma,et al.  Scaling and Effectiveness of Email Masquerade Attacks: Exploiting Natural Language Generation , 2017, AsiaCCS.

[24]  Alexander L. Davis,et al.  Replication: Challenges in Using Data Logs to Validate Phishing Detection Ability Metrics , 2016, SOUPS.

[25]  Malcolm Robert Pattinson,et al.  Understanding susceptibility to phishing emails: Assessing the impact of individual differences and culture , 2017, HAISA.

[26]  Anita Komlodi,et al.  Evaluating the credibility of english web sources as a foreign‐language searcher , 2016, ASIST.

[27]  Alexander L. Davis,et al.  Quantifying Phishing Susceptibility for Detection and Behavior Decisions , 2016, Hum. Factors.

[28]  Malcolm Robert Pattinson,et al.  Breaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails , 2016, ACIS.

[29]  Malcolm Robert Pattinson,et al.  Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails? , 2016, ACIS.

[30]  Serge Egelman,et al.  Keep on Lockin' in the Free World: A Multi-National Comparison of Smartphone Locking , 2016, CHI.

[31]  Antesar M. Shabut,et al.  A literature review on phishing crime, prevention review and investigation of gaps , 2016, 2016 10th International Conference on Software, Knowledge, Information Management & Applications (SKIMA).

[32]  Sunny Consolvo,et al.  Rethinking Connection Security Indicators , 2016, SOUPS.

[33]  Anita Komlodi,et al.  Online search in english as a non‐native language , 2015, ASIST.

[34]  Mathias Ekstedt,et al.  Investigating personal determinants of phishing and the effect of national culture , 2015, Inf. Comput. Secur..

[35]  T. Köhler,et al.  Brain drain: The cognitive neuroscience of foreign language processing in multinational corporations , 2014, Journal of International Business Studies.

[36]  Mathias Ekstedt,et al.  An Empirical Investigation of the Effect of Target-Related Information in Phishing Attacks , 2014, 2014 IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations.

[37]  Christopher B. Mayhorn,et al.  Phishing in international waters: exploring cross-national differences in phishing conceptualizations between Chinese, Indian and American samples , 2014, HotSoS '14.

[38]  Albert Costa,et al.  “Piensa” twice: On the foreign language effect in decision making , 2014, Cognition.

[39]  Malcolm Robert Pattinson,et al.  Phishing for the Truth: A Scenario-Based Experiment of Users' Behavioural Response to Emails , 2013, SEC.

[40]  Tsedal B. Neeley,et al.  Language Matters: Status Loss and Achieved Status Distinctions in Global Organizations , 2013, Organ. Sci..

[41]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[42]  Rui Chen,et al.  Research Article Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email , 2012, IEEE Transactions on Professional Communication.

[43]  Anita Komlodi,et al.  An exploratory study on search behavior in different languages , 2012, IIiX.

[44]  Dennis F. Galletta,et al.  Which phish get caught? An exploratory study of individuals′ susceptibility to phishing , 2017, Eur. J. Inf. Syst..

[45]  Rui Chen,et al.  Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model , 2011, Decis. Support Syst..

[46]  Ponnurangam Kumaraguru,et al.  Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions , 2010, CHI.

[47]  Lorrie Faith Cranor,et al.  School of phish: a real-world evaluation of anti-phishing training , 2009, SOUPS.

[48]  Lorrie Faith Cranor,et al.  Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish , 2007, SOUPS '07.

[49]  Lorrie Faith Cranor,et al.  Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[50]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[51]  V. Braun,et al.  Using thematic analysis in psychology , 2006 .

[52]  Akiko Noda,et al.  A Temporary Decline of Thinking Ability During Foreign Language Processing , 1993 .

[53]  R. Cialdini Influence: The Psychology of Persuasion , 1993 .

[54]  Geert Hofstede,et al.  National Cultures in Four Dimensions: A Research-Based Theory of Cultural Differences among Nations , 1983 .

[55]  S. Ross SOME STRONGER MEASURES OF RISK AVERSION IN THE SMALL AND THE LARGE WITH APPLICATIONS , 1981 .

[56]  W. Conover Statistical Methods for Rates and Proportions , 1974 .