Abstract
ABSTRACT Phishing victimization is prevalent and results in theft of personal identifiable information (PII) or installing malware to steal PII. Drawing upon social psychological and criminological theories, we conducted a prospective study to assess three groups of predictors to being phished or not: a) prior victimization; b) protective or vulnerable habitual strategies, and c) emotional and cognitive decision-making styles. Students (N = 236) completed a survey assessing these predictors and then about 4 weeks later received a phishing e-mail using the university’s phishing testing system. The e-mail requested that they click on a link and enter their student ID to avoid having their account blocked. About half (50.8%) clicked on the link, and 81.6% of those phished entered their PII. Individuals who had low avoidant style and high generalized anxiety were four times more likely to be phished, after controlling for the significant effects of vulnerable habitual strategies and using dating apps. Machine learning analyses also found cognitive styles and generalized anxiety are the better predictors of getting phished compared to vulnerable and protective strategies and prior victimization. These findings suggest that cybersecurity training needs to be expanded to address the emotional and cognitive processing of deceptive appeals in e-mails.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
