Root causes of falling victim to phishing : the effects of human behavior, emotions and demographics
(2021)
- Author
- Hossein Abroshan (UGent)
- Promoter
- Geert Poels (UGent) and Jan Devos (UGent)
- Abstract
- Phishing is a social engineering scam that can result in data loss, reputational damage, identity theft, the loss of money, and many other damages to people and organisations. A phishing scam usually starts with an email trying to gain the potential victim's trust and convince them to take the attacker's desired actions, such as clicking on a link or opening an attachment. In the next step, the user might enter their sensitive information on a phishing website, or open an infected attachment that can compromise their account, computer, or even an organisation's network and systems. Prior studies have investigated the impacts of user traits on the success of phishing attacks and how they can increase or decrease susceptibility to phishing emails. However, little is known about the effect of users' behaviour in the different steps in a phishing attack, nor in different situations such as a pandemic, as exemplified by the COVID-19 outbreak in early 2020. Researchers and solution vendors have developed many technical anti-phishing solutions which can prevent phishing emails and websites. Nonetheless, users remain the weakest link and attackers know how to fool them by manipulating their behaviour. They always design new phishing campaigns and there are always users who fall into the scammers' traps. Knowing the behaviours and emotions of users that influence the success of phishing attacks will help us tackle this problem from its root causes. This study investigates which behaviour on the part of the users might affect the success of phishing and provides a framework that can be used to figure out the impact of more root causes. Based on the insights obtained, it also suggests a guideline to minimise phishing success by addressing human factors which might influence users' responses to phishing emails.
This suggested guideline is flexible and can be enhanced by adding more predictors (i.e., behaviour and emotions) and learning from users' responses to phishing in the real world over time. However, there are some limitations which future studies can address to gain more accurate results and develop a comprehensive solution using the proposed guideline. This is a paper-based PhD dissertation consisting of six chapters. The dissertation starts with an introduction and continues with four papers (chapters 2-5). The first paper has been published in a post-conference proceeding of an international conference, the second has been published in an international peer-reviewed journal, the third paper is, at the time of writing, under revision with an international peer-reviewed journal, and the last paper is published in an ACM proceeding.
- Keywords
- cyber security, phishing, human factors, online scams
Downloads
- (...).pdf
- full text (Published version) | UGent only (changes to open access on 2026-07-08) | 3.43 MB
Citation
Please use this url to cite or link to this publication: http://hdl.handle.net/1854/LU-8715750
- MLA
- Abroshan, Hossein. Root Causes of Falling Victim to Phishing : The Effects of Human Behavior, Emotions and Demographics. Ghent University. Faculty of Economics and Business Administration, 2021.
- APA
- Abroshan, H. (2021). Root causes of falling victim to phishing : the effects of human behavior, emotions and demographics. Ghent University. Faculty of Economics and Business Administration, Ghent, Belgium.
- Chicago author-date
- Abroshan, Hossein. 2021. “Root Causes of Falling Victim to Phishing : The Effects of Human Behavior, Emotions and Demographics.” Ghent, Belgium: Ghent University. Faculty of Economics and Business Administration.
- Chicago author-date (all authors)
- Abroshan, Hossein. 2021. “Root Causes of Falling Victim to Phishing : The Effects of Human Behavior, Emotions and Demographics.” Ghent, Belgium: Ghent University. Faculty of Economics and Business Administration.
- Vancouver
- 1. Abroshan H. Root causes of falling victim to phishing : the effects of human behavior, emotions and demographics. [Ghent, Belgium]: Ghent University. Faculty of Economics and Business Administration; 2021.
- IEEE
- [1] H. Abroshan, “Root causes of falling victim to phishing : the effects of human behavior, emotions and demographics,” Ghent University. Faculty of Economics and Business Administration, Ghent, Belgium, 2021.
@phdthesis{8715750,
  abstract = {{Phishing is a social engineering scam that can result in data loss, reputational damage, identity theft, the loss of money, and many other damages to people and organisations. A phishing scam usually starts with an email trying to gain the potential victim's trust and convince them to take the attacker's desired actions, such as clicking on a link or opening an attachment. In the next step, the user might enter their sensitive information on a phishing website, or open an infected attachment that can compromise their account, computer, or even an organisation's network and systems. Prior studies have investigated the impacts of user traits on the success of phishing attacks and how they can increase or decrease susceptibility to phishing emails. However, little is known about the effect of users' behaviour in the different steps in a phishing attack, nor in different situations such as a pandemic, as exemplified by the COVID-19 outbreak in early 2020. Researchers and solution vendors have developed many technical anti-phishing solutions which can prevent phishing emails and websites. Nonetheless, users remain the weakest link and attackers know how to fool them by manipulating their behaviour. They always design new phishing campaigns and there are always users who fall into the scammers' traps. Knowing the behaviours and emotions of users that influence the success of phishing attacks will help us tackle this problem from its root causes. This study investigates which behaviour on the part of the users might affect the success of phishing and provides a framework that can be used to figure out the impact of more root causes. Based on the insights obtained, it also suggests a guideline to minimise phishing success by addressing human factors which might influence users' responses to phishing emails.
This suggested guideline is flexible and can be enhanced by adding more predictors (i.e., behaviour and emotions) and learning from users' responses to phishing in the real world over time. However, there are some limitations which future studies can address to gain more accurate results and develop a comprehensive solution using the proposed guideline. This is a paper-based PhD dissertation consisting of six chapters. The dissertation starts with an introduction and continues with four papers (chapters 2-5). The first paper has been published in a post-conference proceeding of an international conference, the second has been published in an international peer-reviewed journal, the third paper is, at the time of writing, under revision with an international peer-reviewed journal, and the last paper is published in an ACM proceeding.}},
  author = {{Abroshan, Hossein}},
  keywords = {{cyber security,phishing,human factors,online scams}},
  language = {{eng}},
  pages = {{XIII, 146}},
  publisher = {{Ghent University. Faculty of Economics and Business Administration}},
  school = {{Ghent University}},
  title = {{Root causes of falling victim to phishing : the effects of human behavior, emotions and demographics}},
  year = {{2021}},
}