Effects of email users' behaviour and demographics on respond to each step of a phishing attack

Hossein Abroshan (UGent), Jan Devos (UGent), Geert Poels (UGent) and Eric Laermans (UGent)
Abstract
Phishing is a process in which attackers send emails to Internet users and try to convince them to click on a link to steal their sensitive information or open an attachment to compromise their account, computer, organisation systems, etc. Users' behaviour, such as their risk-taking preference and decision-making style, can influence a phishing attempt's success. However, studies did not profoundly investigate the effects of the behaviours on each step of a phishing process (e.g., opening the email, clicking on the link, and submitting sensitive information on the phishing webpage). This study demonstrated the effects of risk-taking level and decision-making style, gender, age, and education level on the users' response to each selected step of a phishing attempt.
In this real-world study, we measured the behaviours of 135 participants from academia using psychological scales and tests. We then tested their phishability level by sending them simulated phishing emails. The regression analysis results showed that the general risk-taking preference and gender of the users could predict their phishability in the second step, i.e., clicking on the phishing link (p<0.05). We could not find any significant relation between their decision-making style and other demographic factors with the users' phishability level in the second step of the phishing. We also could not find any relations between the measured behaviours, age, gender, and education level of the users and their phishability level in the first and second steps (i.e., opening the phishing email and submitting sensitive data to the phishing website).
The results of this study can help us develop proper mitigation actions to minimise phishing success in different steps. Organisations can use this approach to identify risky users and focus on decreasing their phishability level, for instance by providing more training to them or changing the behaviour (if possible). The developed model can be used as a comprehensive framework to investigate other behaviours’ effects in each step of phishing.
Keywords
Cyber security, Phishing, Human behaviour, Individual differences, Online scams

Downloads

  • ICCITS-2021.pdf
    • full text (Accepted manuscript)
    • open access
    • PDF
    • 119.02 KB

Citation

Please use this url to cite or link to this publication:

MLA
Abroshan, Hossein, et al. “Effects of Email Users’ Behaviour and Demographics on Respond to Each Step of a Phishing Attack.” ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts, 2021.
APA
Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2021). Effects of email users’ behaviour and demographics on respond to each step of a phishing attack. In ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts. Rome, Italy.
Chicago author-date
Abroshan, Hossein, Jan Devos, Geert Poels, and Eric Laermans. 2021. “Effects of Email Users’ Behaviour and Demographics on Respond to Each Step of a Phishing Attack.” In ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts.
Chicago author-date (all authors)
Abroshan, Hossein, Jan Devos, Geert Poels, and Eric Laermans. 2021. “Effects of Email Users’ Behaviour and Demographics on Respond to Each Step of a Phishing Attack.” In ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts.
Vancouver
1. Abroshan H, Devos J, Poels G, Laermans E. Effects of email users’ behaviour and demographics on respond to each step of a phishing attack. In: ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts. 2021.
IEEE
[1] H. Abroshan, J. Devos, G. Poels, and E. Laermans, “Effects of email users’ behaviour and demographics on respond to each step of a phishing attack,” in ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts, Rome, Italy, 2021.
@inproceedings{8705329,
  abstract     = {{Phishing is a process in which attackers send emails to Internet users and try to convince them to click on a link to steal their sensitive information or open an attachment to compromise their account, computer, organisation systems, etc. Users' behaviour, such as their risk-taking preference and decision-making style, can influence a phishing attempt's success. However, studies did not profoundly investigate the effects of the behaviours on each step of a phishing process (e.g., opening the email, clicking on the link, and submitting sensitive information on the phishing webpage). This study demonstrated the effects of risk-taking level and decision-making style, gender, age, and education level on the users' respond to each selected step of a phishing attempt.
In this real-world study, we measured the behaviours of 135 participants from academia using psychological scales and tests. We then tested their phishability level by sending them simulated phishing emails. The regression analysis results showed that the general risk-taking preference and gender of the users could predict their phishability in the second step, i.e., clicking on the phishing link (p<0.05). We could not find any significant relation between their decision-making style and other demographic factors with the users' phishability level in the second step of the phishing. We also could not find any relations between the measured behaviours, age, gender, and education level of the users and their phishability level in the first and second steps (i.e., opening the phishing email and submitting sensitive data to the phishing website).
The results of this study can help us develop proper mitigation actions to minimise phishing success in different steps. Organisations can use this approach to identify risky users and focus on decreasing their phishability level, for instance by providing more training to them or changing the behaviour (if possible). The developed model can be used as a comprehensive framework to investigate other behaviours’ effects in each step of phishing.}},
  author       = {{Abroshan, Hossein and Devos, Jan and Poels, Geert and Laermans, Eric}},
  booktitle    = {{ICCITS 2021, 15th International Conference on Communications and Information Technology Security, Abstracts}},
  keywords     = {{Cyber security,Phishing,Human behaviour,Individual differences,Online scams}},
  language     = {{eng}},
  location     = {{Rome, Italy}},
  pages        = {{1}},
  title        = {{Effects of email users' behaviour and demographics on respond to each step of a phishing attack}},
  year         = {{2021}},
}