SoK: Human-centered Phishing Susceptibility-Reference-Cited by-同舟云学术

SoK: Human-centered Phishing Susceptibility

Published:2023-04-14 Issue:3 Volume:26 Page:1-27
ISSN:2471-2566
Container-title:ACM Transactions on Privacy and Security
language:en
Short-container-title:ACM Trans. Priv. Secur.

Author:

Zhuo Sijie¹^ORCID,Biddle Robert²^ORCID,Koh Yun Sing¹^ORCID,Lottridge Danielle¹^ORCID,Russello Giovanni¹^ORCID

Affiliation:

1. University of Auckland, Auckland, New Zealand

2. University of Auckland, Auckland, New Zealand and Carleton University, Ottawa, Canada

Abstract

Phishing is recognized as a serious threat to organizations and individuals. While there have been significant technical advances in blocking phishing attacks, end-users remain the last line of defence after phishing emails reach their email inboxes. Most of the existing literature on this subject has focused on the technical aspects related to phishing. The factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and systematically categorized the phishing susceptibility variables studied. We classify variables based on their temporal scope, which led us to propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are vulnerable to phishing attacks. This model reveals several research gaps that need to be addressed to understand and improve protection against phishing susceptibility. Our review also systematizes existing studies by their sample size and generalizability and further suggests a practical impact assessment of the value of studying variables: Some more easily lead to improvements than others. We believe that this article can provide guidelines for future phishing susceptibility research to improve experiment design and the quality of findings.

Funder

Natural Sciences and Engineering Research Council of Canada

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3575797

Reference108 articles.

1. Juggling on a high wire: Multitasking effects on performance

2. What Is the Influence of Users’ Characteristics on Their Ability to Detect Phishing Emails?

3. Ibrahim Alseadoon, Mohd Othman, Ernest Foo, and Taizan Chan. 2013. Typology of phishing email victims based on their behavioural response. In 19th Americas Conference on Information Systems. Association for Information Systems (AIS), http://aisel.aisnet.org/, 3716–3724. Retrieved fromhttps://eprints.qut.edu.au/68373/.

4. Pierre-Emmanuel Arduin. 2020. To click or not to click? Deciding to trust or distrust phishing emails. In International Conference on Decision Support System Technology. Springer, 73–85.

5. Analysis of student vulnerabilities to phishing;Bailey Janet L.;AMCIS 2008 Proc.,2008

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Investigation of Phishing Susceptibility with Explainable Artificial Intelligence;Future Internet;2024-01-17

2. South Africans’ susceptibility to phishing attacks;Southern African Journal of Accountability and Auditing Research;2023-11

3. Human-centered Behavioral and Physiological Security;New Security Paradigms Workshop;2023-09-18