Document Type

Article

Publication Date

6-2-2023

Publication Title

Victims & Offenders

Volume

18

Issue

7

Pages

1216-1235

Publisher Name

Taylor and Francis Group

Abstract

Phishing victimization is prevalent and results in theft of personal identifiable information (PII) or installing malware to steal PII. Drawing upon social psychological and criminological theories, we conducted a prospective study to assess three groups of predictors to being phished or not: a) prior victimization; b) protective or vulnerable habitual strategies, and c) emotional and cognitive decision-making styles. Students (N = 236) completed a survey assessing these predictors and then about 4 weeks later received a phishing e-mail using the university’s phishing testing system. The e-mail requested that they click on a link and enter their student ID to avoid having their account blocked. About half (50.8%) clicked on the link, and 81.6% of those phished entered their PII. Individuals who had low avoidant style and high generalized anxiety were four times more likely to be phished, after controlling for the significant effects of vulnerable habitual strategies and using dating apps. Machine learning analyses also found cognitive styles and generalized anxiety are the better predictors of getting phished compared to vulnerable and protective strategies and prior victimization. These findings suggest that cybersecurity training needs to be expanded to address the emotional and cognitive processing of deceptive appeals in e-mails.

Comments

Author Posting © The Author(s), 2023. This article is posted here by permission of Taylor and Francis Group for personal use and redistribution. This article was published open access in Victims & Offenders, VOL.18, (June 2, 2023),https://doi.org/10.1080/15564886.2023.2218369

Creative Commons License

Creative Commons Attribution-NonCommercial 4.0 International License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License

Download

Share

COinS