Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Not All Victims Are Created Equal: Investigating Differential Phishing Susceptibility

Published

Author(s)

Matthew Canham, Shanee Dawkins, Jody Jacobs

Abstract

Repeat clickers refer to individuals who repeatedly fall prey to phishing at-tempts, posing a disproportionately higher risk to the organizations they inhabit. This study sought to explore the potential influence of three factors on repeat clicking behavior. First, building from previous research, we examined the impact of individual characteristics such as personality traits (Big 5 and Locus of Control), expertise (security and phishing knowledge), and technology usage. Second, social engineering tactics were considered as a potential factor, based on the specifications of the NIST Phish Scale. Third, the impact of contextual factors, such as world events, were investigated. Data was collected from study participants via a survey on their individual differences, followed by campaigns in which they were emailed a total of eight messages (four phishing and four controls) over a four-week period of time. Repeat clickers were found to spend less time working online, check email more often, have a more internally oriented locus of control, and a lower need for cognition, than the comparison groups. The Phish Scale resulted in difficulty scores closely corresponding to observed click-rates in phishing emails, suggesting that it is an effective metric of evaluating human phishing detection difficulty in a university environment. This research study occurred shortly after the COVID-19 shutdown of in-person classes, which likely impacted the findings of this study.
Proceedings Title
Proceedings of HCI International 2024 Conference
Conference Dates
June 29-July 4, 2024
Conference Location
Washington, DC, US
Conference Title
HCI International 2024

Keywords

Repeat Clickers, NIST Phish Scale, Phishing Susceptibility, Security Awareness, Human-centered Cybersecurity

Citation

Canham, M. , Dawkins, S. and Jacobs, J. (2024), Not All Victims Are Created Equal: Investigating Differential Phishing Susceptibility, Proceedings of HCI International 2024 Conference, Washington, DC, US, [online], https://doi.org/10.1007/978-3-031-61569-6_1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957275 (Accessed December 26, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created September 6, 2024