This paper examines online users’ perceived susceptibility to phishing attacks. We posit that an individual’s phishing susceptibility may be shaped by recent phishing encounters and, more importantly, that the effect of new experience on susceptibility will be heterogeneous among users. To facilitate our investigation, we focus on both the process and outcome of phishing detection. Survey data from college students confirms that one’s susceptibility is affected by detection process difficulty and detection outcome failures in the recent phishing encounter. Results also reveal the importance of personal attributes, such as past success in phishing detection and phishing desensitization, in regulating the effects of a recent phishing encounter. Finally, results show the relationship between detection process difficulty and outcome failures, in addition to confirming antecedents to the two detection components. Our research generates new knowledge that contributes to the phishing literature and it also sheds new insights that inform practitioners, although the use of college students limits the generalizability of the current findings.
The Impact of Workload on Phishing Susceptibility: An Experiment
Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading...