Abstract
Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In Study One, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In Study Two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.
Original language | English |
---|---|
Pages (from-to) | 1-13 |
Number of pages | 13 |
Journal | International Journal of Human-Computer Studies |
Volume | 120 |
Early online date | 19 Jul 2018 |
Publication status | Published - 31 Dec 2018 |
Keywords
- Cyber security
- Employee susceptibility
- Human factors
- Organisational behavior
- Phishing
- Social engineering
ASJC Scopus subject areas
- Software
- Human Factors and Ergonomics
- Education
- General Engineering
- Human-Computer Interaction
- Hardware and Architecture
Fingerprint
Dive into the research topics of 'Exploring Susceptibility to Phishing in the Workplace'. Together they form a unique fingerprint.
Profiles
- Adam Joinson
- Management - Professor
- Information, Decisions & Operations
- Applied Digital Behaviour Lab
- EPSRC Centre for Doctoral Training in Cyber Security
- Institute for Digital Security and Behaviour (IDSB)
Person: Research & Teaching, Core staff