Behavioral response to phishing risk

Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate emails. Previous work suggests that people may be vulnerable to phishing schemes because their awareness of the risks is not linked to perceived vulnerability or to useful strategies in identifying phishing emails. In this survey, we explore what factors are associated with falling for phishing attacks in a role-play exercise. Our data suggest that deeper understanding of the web environment, such as being able to correctly interpret URLs and understanding what a lock signifies, is associated with less vulnerability to phishing attacks. Perceived severity of the consequences does not predict behavior. These results suggest that educational efforts should aim to increase users' intuitive understanding, rather than merely warning them about risks.

• Publication year

  2007

• Venue

  APWG Symposium on Electronic Crime Research

• Publication date

  2007-10-04

• Fields of study

  Computer Science, Engineering, Psychology

• Identifiers
  DOI 10.1145/1299015.1299019
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Phinding Phish: An Evaluation of Anti-Phishing Toolbars

  2007influential reference
• Protecting people from phishing: the design and evaluation of an embedded training email system

  2007influential reference
• Learning to detect phishing emails

  2007cited by this paper
• Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish

  2007cited by this paper
• Social phishing

  2007cited by this paper
• The Emperor's New Security Indicators

  2007cited by this paper
• Do security toolbars actually prevent phishing attacks?

  2006cited by this paper
• Decision strategies and susceptibility to phishing

  2006cited by this paper
• Why phishing works

  2006cited by this paper
• Fostering E-Mail Security Awareness: The West Point Carronade

  2005cited by this paper
• If You Build It, They Will Come

  2005cited by this paper
• The Design

  1998cited by this paper

• AI-Generated Phishing: Combining Human Behavior with Post Content to Assess Susceptibility

  2026cites this paper
• Sharing passwords with strangers – A laboratory study

  2026cites this paper
• Phishing Experiments in the Wild: Lessons for Ubiquitous and Context-Aware Security

  2025cites this paper
• Human factors in phishing: Understanding susceptibility and resilience

  2025cites this paper
• Does security attitude really predict susceptibility to persuasion tactics in social engineering attempts?

  2025cites this paper
• Cost-Sensitive User Modeling for Predicting Phishing Susceptibility

  2025cites this paper
• Risk Profiles for Cybercrime Victimization: A Conjunctive Analysis of Case Configurations

  2025cites this paper
• Improving online anti-phishing training using cognitive large language models

  2025cites this paper
• Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

  2025cites this paper
• Does protection motivation predict self-protective online behaviour? Comparing self-reported and actual online behaviour using a population-based survey experiment.

  2025cites this paper
• Examining the factors leading to URL fact-checking behavior among internet users

  2025cites this paper
• Phishing Vulnerability and Resilience: A Workplace Study in Saudi Arabia

  2025cites this paper
• Beyond Technical Barriers: A Multidimensional Conceptual Framework for Understanding and Countering Cyber Scam Susceptibility

  2024cites this paper
• Who will take the bait? Using an embedded, experimental study to chart organization-specific phishing risk profiles and the effect of a voluntary microlearning among employees of a Dutch municipality

  2024cites this paper
• The (Relative) Impact of Email Cues on the Perceived Threat of Phishing Attacks: A User Perspective on Phishing Deceptiveness

  2024cites this paper
• A Systematic Review of Social Engineering Attacks & Techniques: The Past, Present, and Future

  2024cites this paper
• Does trainer gender make a difference when delivering phishing training? A new experimental design to capture bias

  2024cites this paper
• From Chatbots to Phishbots?: Phishing Scam Generation in Commercial Large Language Models

  2024cites this paper
• VeriSMS: A Message Verification System for Inclusive Patient Outreach against Phishing Attacks

  2024cites this paper
• CLASSIFICATION AND METHODS OF DETECTION OF PHISHING ATTACKS

  2024cites this paper
• Utilizing Large Language Models to Optimize the Detection and Explainability of Phishing Websites

  2024cites this paper
• "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

  2024cites this paper
• SMiShing Attack Vector: Surveying End-User Behavior, Experience, and Knowledge

  2023cites this paper
• Design and Evaluation of Inclusive Email Security Indicators for People with Visual Impairments

  2023cites this paper
• How Interactions Influence Users' Security Perception of Virtual Reality Authentication?

  2023cites this paper
• Revealing the Hidden Effects of Phishing Emails: An Analysis of Eye and Mouse Movements in Email Sorting Tasks

  2023cites this paper
• Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation

  2023cites this paper
• Explaining cybercrime victimization using a longitudinal population-based survey experiment. Are personal characteristics, online routine activities, and actual self-protective online behavior related to future cybercrime victimization?

  2023cites this paper
• #DM-Me: Susceptibility to Direct Messaging-Based Scams

  2023cites this paper
• The Influence of Context on Response to Spear-Phishing Attacks: an In-Situ Deception Study

  2023cites this paper
• Analytical reasoning reduces internet fraud susceptibility

  2023influential citation
• Understanding the Viability of Gmail's Origin Indicator for Identifying the Sender

  2023cites this paper
• A Quantitative Study of SMS Phishing Detection

  2023cites this paper
• Social engineering and the disclosure of personal identifiable information: Examining the relationship and moderating factors using a population-based survey experiment

  2023cites this paper
• Proxy Design: A Method for Involving Proxy Users to Speak on Behalf of Vulnerable or Unreachable Users in Co-Design

  2023cites this paper
• From Chatbots to PhishBots? - Preventing Phishing scams created using ChatGPT, Google Bard and Claude

  2023cites this paper
• Which phish is captured in the net? Understanding phishing susceptibility and individual differences

  2023cites this paper
• Phishing in the Free Waters: A Study of Phishing Attacks Created using Free Website Building Services

  2023cites this paper
• Anti-phishing: A comprehensive perspective

  2023cites this paper
• Human risk factors in cybersecurity

  2023cites this paper
• "I Want the Payment Process to be Cool": Understanding How Interaction Factors into Security and Privacy Perception of Authentication in Virtual Reality

  2023cites this paper
• Which factors predict susceptibility to phishing? An empirical study

  2023cites this paper
• SoK: Human-centered Phishing Susceptibility

  2022cites this paper
• Assessing Human-AI Interaction Early through Factorial Surveys: A Study on the Guidelines for Human-AI Interaction

  2022cites this paper
• Holding Your Hand on the Danger Button

  2022cites this paper
• Presenting Suspicious Details in User-Facing E-mail Headers Does Not Improve Phishing Detection

  2022cites this paper
• Cybersecurity Awareness Based on Software and E-mail Security with Statistical Analysis

  2022cites this paper
• Phishing awareness and education – When to best remind?

  2022cites this paper
• A Large-Scale Analysis of Phishing Websites Hosted on Free Web Hosting Domains

  2022cites this paper
• Predicting individual differences to cyber attacks: Knowledge, arousal, emotional and trust responses

  2021cites this paper
• Vulnerability on collaborative networks and customer engagement: defending the online customer experience from fake reviews

  2021cites this paper
• Human Factors in Phishing Attacks: A Systematic Literature Review

  2021cites this paper
• Evolving Phishing Email Prevention Techniques: A Survey to Pin Down Effective Phishing Study Design Concepts

  2021cites this paper
• Characteristics that Predict Phishing Susceptibility: A Review

  2021influential citation
• The Online Behaviour and Victimization Study: The Development of an Experimental Research Instrument for Measuring and Explaining Online Behaviour and Cybercrime Victimization

  2021influential citation
• Field Studies on the Impact of Cryptographic Signatures and Encryption on Phishing Emails

  2021cites this paper
• Sixteen Years of Phishing User Studies: What Have We Learned?

  2021cites this paper
• Knowledge and Capabilities that Non-Expert Users Bring to Phishing Detection

  2021influential citation
• Who is targeted by email-based phishing and malware?: Measuring factors that differentiate risk

  2020cites this paper
• The Phishing Email Suspicion Test (PEST) a lab-based task for evaluating the cognitive mechanisms of phishing detection

  2020cites this paper
• if Mr

  2020cites this paper
• Deceptive Previews: A Study of the Link Preview Trustworthiness in Social Platforms

  2020cites this paper
• “So if Mr Blue Head here clicks the link...” Risk Thinking in Cyber Security Decision Making

  2020cites this paper
• Does Decision-Making Style Predict Individuals' Cybersecurity Avoidance Behaviour?

  2020cites this paper
• Exploring Factors Affecting User's Cybersecurity Behaviour by Using Mobile Augmented Reality App (CybAR)

  2020cites this paper
• Bridging the Gap Between Intent and Outcome: Knowledge, Tools & Principles for Security-Minded Decision-Making

  2020cites this paper
• A Framework to Protect Against Phishing Attacks

  2020cites this paper
• Dynamic Recognition of Phishing URLs Using Deep Learning Techniques

  2020cites this paper
• Preventive Techniques of Phishing Attacks in Networks

  2020cites this paper
• Examining the Relationship between Threat and Coping Appraisal in Phishing Detection among College Students

  2020cites this paper
• Why Johnny can't rely on anti-phishing educational interventions to protect himself against contemporary phishing attacks?

  2020cites this paper
• Are They Likely to Complain on Phish or Spam? A Prediction Model

  2020cites this paper
• Email Embeddings for Phishing Detection

  2020cites this paper
• An investigation of phishing awareness and education over time: When and how to best remind users

  2020cites this paper
• Measuring Identity Confusion with Uniform Resource Locators

  2020cites this paper
• The initial socio-technical solution for phishing attack

  2020cites this paper
• Правові аспекти протидії фішингу: досвід Європейського Союзу

  2020cites this paper
• Phishing Detection through Email Embeddings

  2020cites this paper
• The accuracy of interrater reliability estimates found using a subset of the total data sample: A bootstrap analysis

  2020cites this paper
• Eyes on URLs: Relating Visual Behavior to Safety Decisions

  2020cites this paper
• Phishing: message appraisal and the exploration of fear and self-confidence

  2019cites this paper
• Human Risk Factors in Cybersecurity

  2019cites this paper
• A new approach to modelling the effects of cognitive processing and threat detection on phishing susceptibility

  2019cites this paper
• Data Analytics: Intelligent Anti-Phishing Techniques Based on Machine Learning

  2019cites this paper
• Mouse Behavior as an Index of Phishing Awareness

  2019cites this paper
• An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

  2019cites this paper
• The design and evaluation of a theory-based intervention to promote security behaviour against phishing

  2019cites this paper
• A Naturalistic Methodology for Assessing Susceptibility to Social Engineering Through Phishing

  2019cites this paper
• Assessing the Presence of Mindfulness within Cyber and Non-Cybersecurity groups

  2019influential citation
• Put Your Warning Where Your Link Is: Improving and Evaluating Email Phishing Warnings

  2019cites this paper
• Applying Machine Learning Techniques to Understand User Behaviors When Phishing Attacks Occur

  2019cites this paper
• Social Engineering and Organisational Dependencies in Phishing Attacks

  2019cites this paper
• An Evaluation of User Awareness for the Detection of Phishing Emails

  2019cites this paper
• Suspicious URL Detection using Dynamic Learning Model with Machine Learning

  2019cites this paper
• What Message Characteristics Make Social Engineering Successful on Facebook: The Role of Central Route, Peripheral Route, and Perceived Risk

  2019cites this paper
• On Factors That Influence User Interactions with Social Media Spam: Empirical Exploration Based on a Survey and Experiment

  2019influential citation
• Modelling Anti-Phishing Authentication Ceremonies

  2019cites this paper
• Exploring the Impact of Asymmetrical Interfaces on Presence and Group Awareness in Mixed Reality Collaborative Environments

  2018cites this paper
• Assessing the information quality of phishing-related content on financial institutions' websites

  2018cites this paper
• Examinations of email fraud susceptibility:Perspectives from academic research and industry practice

  2018cites this paper