Abstract

Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In Study One, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In Study Two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.
Language: English
Pages: 1-13
Journal: International Journal of Human-Computer Studies
Volume: 120
Early online date: 19 Jul 2018
DOI: 10.1016/j.ijhcs.2018.06.004
Status: E-pub ahead of print - 19 Jul 2018

Fingerprint

Electronic mail
workplace
employee
Personnel
simulation
work environment
Telecommunication links
campaign
community
Group

Cite this

Exploring Susceptibility to Phishing in the Workplace. / Williams, Emma J.; Hinds, Joanne; Joinson, Adam N.

In: International Journal of Human-Computer Studies, Vol. 120, 01.12.2018, p. 1-13.

Research output: Contribution to journal › Article

@article{c52b059074a645d8ba980c8fd0bd6e2d,
title = "Exploring Susceptibility to Phishing in the Workplace",
abstract = "Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In Study One, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In Study Two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.",
author = "Williams, {Emma J.} and Joanne Hinds and Joinson, {Adam N.}",
year = "2018",
month = "7",
day = "19",
doi = "10.1016/j.ijhcs.2018.06.004",
language = "English",
volume = "120",
pages = "1--13",
journal = "International Journal of Human-Computer Studies",
issn = "1071-5819",
publisher = "Academic Press",

}

TY - JOUR

T1 - Exploring Susceptibility to Phishing in the Workplace

AU - Williams, Emma J.

AU - Hinds, Joanne

AU - Joinson, Adam N.

PY - 2018/7/19

Y1 - 2018/7/19

N2 - Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In Study One, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In Study Two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.

U2 - 10.1016/j.ijhcs.2018.06.004

DO - 10.1016/j.ijhcs.2018.06.004

M3 - Article

VL - 120

SP - 1

EP - 13

JO - International Journal of Human-Computer Studies

T2 - International Journal of Human-Computer Studies

JF - International Journal of Human-Computer Studies

SN - 1071-5819

ER -