Will the "Phisher-Men" Reel You In?: Assessing Individual Differences in a Phishing Detection Task

Some authors suggest that regardless of how good security technology is, it is the “people problem” that must be overcome for successful cybersecurity (West, Mayhorn, Hardee, & Mendel, 2009). While security threats to the average computer user might take a variety of forms, such as viruses or worms delivered via nefarious websites or USB drives, identity theft tactics such as phishing are becoming increasingly problematic and common. Phishing is a technology-based social engineering tactic in which attackers pose as authorized sources to target individuals and obtain personal and/or sensitive information. The current research aims to explore how individuals differ in phishing susceptibility within the context of a real-world, email-related decision-making task.

[1] Swapan Purkait, et al. Information Management & Computer Security Phishing counter measures and their effectiveness – literature review, 2016.

[2] T. Wickens. Elementary Signal Detection Theory, 2001.

[3] W. B. Harvey, et al. The Weakest Link, 2008.

[4] Steven Furnell. It's a jungle out there: Predators, prey and protection in the online wilderness, 2008.

[5] M. Eysenck, et al. Personality and Individual Differences: A Natural Science Approach, 1985.

[6] Ponnurangam Kumaraguru, et al. Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions, 2010, CHI.

[7] Hironori Washizaki, et al. A survey on security patterns, 2008.

[8] Christopher B. Mayhorn, et al. Something Smells Phishy: Exploring Definitions, Consequences, and Reactions to Phishing, 2012.

[9] Min Wu, et al. Do security toolbars actually prevent phishing attacks?, 2006, CHI.

[10] S. Whiteside, et al. The Five Factor Model and impulsivity: using a structural model of personality to understand impulsivity, 2001.

[11] Gavriel Salvendy, et al. Usability and Security An Appraisal of Usability Issues in Information Security Methods, 2001, Comput. Secur.

[12] Patrick G. Nyeste, et al. Training Users to Counteract Phishing, 2010, Work.

[13] Lorrie Faith Cranor, et al. Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish, 2007, SOUPS '07.

[14] Eugene Y. Kukshinov, et al. The Virtual Self and Possible Immersive Consequences of Uncharacteristic Self-Presentation in the Virtual Environment, 2015, Int. J. Cyber Behav. Psychol. Learn.

[15] M. Zuckerman, et al. A comparison of three structural models for personality: the big three, 1993.

[16] Christopher B. Mayhorn, et al. To download or not to download: an examination of computer security decision making, 2006, INTR.

[17] Christopher B. Mayhorn, et al. Phishing in international waters: exploring cross-national differences in phishing conceptualizations between Chinese, Indian and American samples, 2014, HotSoS '14.

[18] S. Gosling, et al. A very brief measure of the Big-Five personality domains, 2003.

[19] Kathryn Parsons, et al. Information Management & Computer Security Why do some people manage phishing e-mails better than others?, 2016.

[20] Ryan T. Wright, et al. The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived, 2010, J. Manag. Inf. Syst.

[21] William P. Eveland, et al. A Panel Study of Motivations, Information Processing, and Learning During Campaign 2000, 2003.

[22] Daniel R. Ilgen, et al. Not All Trust Is Created Equal: Dispositional and History-Based Trust in Human-Automation Interactions, 2008, Hum. Factors.

[23] C. R. Cloninger, et al. A psychobiological model of temperament and character, 1993, Archives of General Psychiatry.

[24] C. M. Rutter, et al. A hierarchical regression approach to meta‐analysis of diagnostic test accuracy evaluations, 2001, Statistics in Medicine.

[25] Jefferson B. Hardee, et al. The Weakest Link: A Psychological Perspective on Why Users Make Poor Security Decisions, 2009.

[26] Ebrima N. Ceesay. Mitigating phishing attacks: a detection, response and evaluation framework, 2008.