Eric Chan-Tin
ABSTRACT
Phishing is a common vector for cybercrime and hacking. This research examines participants' personality styles (e.g. decision-making styles, self-control) and the likelihood of falling victim to phishing attacks. Over 300 participants completed an online survey assessing protective and vulnerable strategies, personality styles, trust in people, prior victimization from catphishing or identity theft, and demographics information. Unbeknownst to the participants, 2 to 4 weeks after completing the survey they received a phishing e-mail asking them to click on a link. Individuals with a stronger systematic decision-making style were more likely to have a greater number of protective strategies, and those with greater protective strategies were less likely to be a victim of catphishing and identity theft. Individuals with low avoidant decision-making styles and prior vulnerable strategies were more likely to be phished. These findings suggest that learning protective strategies and not using vulnerable strategies are insufficient to lower substantially the risk of being phished. Training might be improved through considering the match between decision-making styles and the content of the training.
- A. Alnajim and M. Munro. 2008. An evaluation of users' tips effectiveness for Phishing websites detection. In 2008 Third International Conference on Digital Information Management. 63--68. https://doi.org/10.1109/ICDIM.2008.4746717Google Scholar
- Z. Alqarni, A. Algarni, and Y. Xu. 2016. Toward Predicting Susceptibility to Phishing Victimization on Facebook. In 2016 IEEE International Conference on Services Computing (SCC). 419--426. https://doi.org/10.1109/SCC.2016.61Google ScholarCross Ref
- A. J. Burns, M. Johnson, and D. Caputo. 2019. Spear phishing in a barrel: Insights from a targeted phishing campaign. Journal of Organizational Computing and Electronic Commerce, Vol. 29, 1 (2019), 24--39.Google ScholarCross Ref
- C. Dewberry, M. Juanchich, and S. Narendran. 2013a. Decision-making competence in everyday life: The roles of general cognitive styles, decision-making styles and personality. Personality and Individual Differences, Vol. 55, 7 (2013), 783--788.Google ScholarCross Ref
- C. Dewberry, M. Juanchich, and S. Narendran. 2013b. The latent structure of decision styles. Personality and Individual Differences, Vol. 54, 5 (2013), 566--571.Google ScholarCross Ref
- J. S. Downs, B. Donato, and A. Alessandro. 2015. Predictors of risky decisions: Improving judgment and decision making based on evidence from phishing attacks. Neuroeconomics, judgment, and decision making (2015), 239--253.Google Scholar
- Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Florence, Italy) (CHI '08). ACM, New York, NY, USA, 1065--1074. https://doi.org/10.1145/1357054.1357219Google ScholarDigital Library
- Roderick Graham and Ruth Triplett. 2017. Capable Guardians in the Digital Environment: The Role of Digital Literacy in Reducing Phishing Victimization. Deviant Behavior, Vol. 38, 12 (2017), 1371--1382.Google ScholarCross Ref
- Harold G Grasmick, Charles R Tittle, Robert J Bursik Jr, and Bruce J Arneklev. 1993. Testing the core empirical implications of Gottfredson and Hirschi's general theory of crime. Journal of research in crime and delinquency, Vol. 30, 1 (1993), 5--29.Google ScholarCross Ref
- Katherine Hamilton, Shin-I Shih, and Susan Mohammed. 2016. The development and validation of the rational and intuitive decision styles scale. Journal of personality assessment, Vol. 98, 5 (2016), 523--535.Google ScholarCross Ref
- B. Harrison, A. Vishwanath, Y. J. Ng, and R. Rao. 2015. Examining the Impact of Presence on Individual Phishing Victimization. In 2015 48th Hawaii International Conference on System Sciences. 3483--3489.Google Scholar
- FBI IC3. 2021. https://pdf.ic3.gov/2021_IC3Report.pdf.Google Scholar
- J. Jansen and R. Leukfeldt. 2016. Phishing and malware attacks on online banking customers in the Netherlands: A qualitative analysis of factors leading to victimization. International Journal of Cyber Criminology, Vol. 10, 1 (2016), 79.Google Scholar
- Ponnurangam Kumaraguru, Justin Cranshaw, Alessandro Acquisti, Lorrie Cranor, Jason Hong, Mary Ann Blair, and Theodore Pham. 2009. School of Phish: A Real-World Evaluation of Anti-Phishing Training. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, Article 3, 12 pages. https://doi.org/10.1145/1572532.1572536Google ScholarDigital Library
- Ponnurangam Kumaraguru, Yong Rhee, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '07). ACM, New York, NY, USA, 905--914. https://doi.org/10.1145/1240624.1240760Google ScholarDigital Library
- P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong. 2008. Lessons from a real world evaluation of anti-phishing training. In 2008 eCrime Researchers Summit. 1--12. https://doi.org/10.1109/ECRIME.2008.4696970Google Scholar
- E. R. Leukfeldt. 2014. Phishing for Suitable Targets in The Netherlands: Routine Activity Theory and Phishing Victimization. Cyberpsychology, Behavior, and Social Networking, Vol. 17, 8 (2014), 551--555. https://doi.org/10.1089/cyber.2014.0008Google ScholarCross Ref
- Moez Limayem and Christy MK Cheung. 2011. Predicting the continued use of Internet-based learning technologies: the role of habit. Behaviour & Information Technology, Vol. 30, 1 (2011), 91--99.Google ScholarCross Ref
- Eric R Louderback and Olena Antonaccio. 2017. Exploring cognitive decision-making processes, computer-focused cyber deviance involvement and victimization: The role of thoughtfully reflective decision-making. Journal of research in crime and delinquency, Vol. 54, 5 (2017), 639--679.Google ScholarCross Ref
- Xin (Robert) Luo, Wei Zhang, Stephen Burd, and Alessandro Seazzu. 2013. Investigating phishing victimization with the Heuristic--Systematic Model: A theoretical framework and an exploration. Computers & Security, Vol. 38 (2013), 28--38. https://doi.org/10.1016/j.cose.2012.12.003 Cybercrime in the Digital Economy.Google ScholarDigital Library
- Kalana Malimage. 2013. The role of habit in information security behaviors. Mississippi State University.Google Scholar
- P. Miksza. 2007. Effective practice: An investigation of observed practice behaviors, self-reported practice habits, and the performance achievement of high school wind players. Journal of Research in Music Education, Vol. 55, 4 (2007), 359--375.Google ScholarCross Ref
- Seung Yeop Paek and Mahesh K. Nalla. 2015. The relationship between receiving phishing attempt and identity theft victimization in South Korea. International Journal of Law, Crime and Justice, Vol. 43, 4 (2015), 626--642. https://doi.org/10.1016/j.ijlcj.2015.02.003Google ScholarCross Ref
- Wendy J Phillips, Jennifer M Fletcher, Anthony DG Marks, and Donald W Hine. 2016. Thinking styles and decision making: A meta-analysis. Psychological Bulletin, Vol. 142, 3 (2016), 260.Google ScholarCross Ref
- A. Piquero and A. Rosay. 1998. The reliability and validity of Grasmick et al.'s self-control scale: A comment on Longshore et al. Criminology, Vol. 36 (1998), 157.Google ScholarCross Ref
- Travis C Pratt, Jillian J Turanovic, Kathleen A Fox, and Kevin A Wright. 2014. Self-control and victimization: A meta-analysis. Criminology, Vol. 52, 1 (2014), 87--116.Google ScholarCross Ref
- Stephanie A Prince, Luca Cardilli, Jennifer L Reed, Travis J Saunders, Chris Kite, Kevin Douillette, Karine Fournier, and John P Buckley. 2020. A comparison of self-reported and device measured sedentary behaviour in adults: a systematic review and meta-analysis. International Journal of Behavioral Nutrition and Physical Activity, Vol. 17, 1 (2020), 1--17.Google ScholarCross Ref
- Swapan Purkait. 2012. Phishing counter measures and their effectiveness--literature review. Information Management & Computer Security (2012).Google Scholar
- Susanne G Scott and Reginald A Bruce. 1995. Decision-making style: The development and assessment of a new measure. Educational and psychological measurement, Vol. 55, 5 (1995), 818--831.Google Scholar
- Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who Falls for Phish? A Demographic Analysis of Phishing Susceptibility and Effectiveness of Interventions. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, New York, NY, USA, 373--382. https://doi.org/10.1145/1753326.1753383Google ScholarDigital Library
- Hossein Siadati, S. Palka, A. Siegel, and D. McCoy. 2017. Measuring the Effectiveness of Embedded Phishing Exercises. In 10th Workshop on Cyber Security Experimentation and Test (CSET 17). USENIX Association, Vancouver, BC.Google Scholar
- Emma Soane, Iljana Schubert, Rebecca Lunn, and Simon Pollard. 2015. The relationship between information processing style and information seeking, and its moderation by affect and perceived usefulness: Analysis vs. procrastination. Personality and Individual Differences, Vol. 72 (2015), 72--78.Google ScholarCross Ref
- Bas Verplanken and Henk Aarts. 1999. Habit, Attitude, and Planned Behaviour: Is Habit an Empty Construct or an Interesting Case of Goal-directed Automaticity? European Review of Social Psychology, Vol. 10, 1 (1999), 101--134. https://doi.org/10.1080/14792779943000035Google ScholarCross Ref
- A. Vishwanath. 2015. Habitual Facebook use and its impact on getting deceived on social media. Journal of Computer-Mediated Communication, Vol. 20, 1 (2015), 83--98.Google ScholarCross Ref
- Arun Vishwanath. 2016. Mobile device affordance: Explicating how smartphones influence the outcome of phishing attacks. Computers in Human Behavior, Vol. 63 (2016), 198--207.Google ScholarDigital Library
- Arun Vishwanath, Brynne Harrison, and Yu Jie Ng. 2018. Suspicion, cognition, and automaticity model of phishing susceptibility. Communication Research, Vol. 45, 8 (2018), 1146--1166.Google ScholarCross Ref
- Arun Vishwanath, Tejaswini Herath, Rui Chen, Jingguo Wang, and H Raghav Rao. 2011. Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decision Support Systems, Vol. 51, 3 (2011), 576--586.Google ScholarDigital Library
Index Terms
- Predicting Phishing Victimization: Roles of Protective and Vulnerable Strategies and Decision-Making Styles
Recommendations
Loneliness, parent-child communication and cyberbullying victimization among Spanish youths
Cyberbullying has been recognized as an important risk factor for mental health. Few studies have analyzed relationships between family variables and cyberbullying victimization. This ex post facto study analyze the relationships between loneliness, ...
Cyber-harassment victimization in Portugal
Cyber-harassment is one of today's problems in adolescent health. This study aimed to determine the prevalence of cyber-victimization among Portuguese adolescents. It also explored its nature, patterns and victim's reactions of fear and help-seeking. A ...
Cyberbullying perpetration and victimization among children and adolescents: A systematic review of longitudinal studies
Highlights- A growing number of longitudinal studies have investigated factors related to cyberbullying in youth.
AbstractIn this systematic review of exclusively longitudinal studies on cyberbullying perpetration and victimization among adolescents, we identified 76 original longitudinal studies published between 2007 and 2017. The majority of them ...
Comments