Not All Victims Are Created Equal: Investigating Differential Phishing Susceptibility
Published
Author(s)
Matthew Canham, Shanee Dawkins, Jody Jacobs
Abstract
Repeat clickers refer to individuals who repeatedly fall prey to phishing attempts, posing a disproportionately higher risk to the organizations they inhabit. This study sought to explore the potential influence of three factors on repeat clicking behavior. First, building from previous research, we examined the impact of individual characteristics such as personality traits (Big 5 and Locus of Control), expertise (security and phishing knowledge), and technology usage. Second, social engineering tactics were considered as a potential factor, based on the specifications of the NIST Phish Scale. Third, the impact of contextual factors, such as world events, was investigated. Data was collected from study participants via a survey on their individual differences, followed by campaigns in which they were emailed a total of eight messages (four phishing and four controls) over a four-week period of time. Repeat clickers were found to spend less time working online, check email more often, have a more internally oriented locus of control, and a lower need for cognition, than the comparison groups. The Phish Scale resulted in difficulty scores closely corresponding to observed click-rates in phishing emails, suggesting that it is an effective metric of evaluating human phishing detection difficulty in a university environment. This research study occurred shortly after the COVID-19 shutdown of in-person classes, which likely impacted the findings of this study.
Canham, M., Dawkins, S. and Jacobs, J. (2024), Not All Victims Are Created Equal: Investigating Differential Phishing Susceptibility, Proceedings of HCI International 2024 Conference, Washington, DC, US, [online], https://doi.org/10.1007/978-3-031-61569-6_1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957275 (Accessed January 13, 2025)