Abstract

Cybersecurity vulnerability ranks among the foremost global business risks. Phishing attempts, in particular through email, persistently challenge organizations despite substantial investments in IT security and awareness training. Recognizing the limitations of unilateral technology- or human-centered approaches, this study explores how visual risk indication can support employees in detecting phishing attempts. To do so, we conducted an eye-tracking lab experiment in which participants rated the trustworthiness of emails with varying levels of credibility. Our analysis focuses on human information processing in identifying phishing attempts, indicating that the availability of a visual risk indicator can significantly influence trust and response behavior, without incapacitating implicit phishing cues (such as conspicuous senders or anonymous recipients). Our findings suggest that organizations should appropriately calibrate visual risk indicators to achieve the intended guiding effects. However, the calibration remains a trade-off and depends on the organization’s environment. We discuss implications for integrative cybersecurity approaches to mitigate phishing attempts more effectively.
