Suspicion, cognition, and automaticity model of phishing susceptibility

Social-psychological research on phishing has implicated ineffective cognitive processing as the key reason for individual victimization. Interventions have consequently focused on training individuals to better detect deceptive emails. Evidence, however, points to individuals sinking into patterns of email usage that within a short period of time results in an attenuation of the training effects. Thus, individual email habits appear to be another predictor of their phishing susceptibility. To comprehensively account for all these influences, we built a model that accounts for the cognitive, preconscious, and automatic processes that potentially leads to phishing-based deception. The resultant suspicion, cognition, and automaticity model (SCAM) was tested using two experimental studies in which participants were subjected to different types of email-based phishing attacks.