![Sample our Humanities journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5939/TOC-Subject-Sample-2021-Humanities.jpg"})
ABSTRACT
Email phishing is a serious and potentially catastrophic threat to organisations and individuals. Understanding what factors may influence individual susceptibility to phishing attacks is essential to protecting against cybercrime. We investigated the potential interplay between conscientiousness and cue utilisation in individuals’ ability to accurately differentiate between phishing and legitimate emails. University students (N = 255) completed a phishing detection task, the Mini International Personality Item Pool, and the phishing edition of the Expert Intensive Skill Evaluation (2.0) battery. After, they were sent simulated phishing emails to their student email address. A Signal Detection Theory approach revealed that higher cue utilisation was associated with a greater ability to tell whether an e-mail was phishing or not in the detection task. For the simulated phishing emails, participants with lower conscientiousness were more likely to click an embedded link in an unsophisticated phishing email, however cue utilisation had no association with email engagement in a naturalistic setting. The findings provide insight into why some people are more susceptible to phishing scams and reveal important differences in phishing sensitivity as a function of context, which has implications to interventions.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Data availability statement
The data that support the findings of this study are available on request from the corresponding author. The data are not publicly available due to privacy or ethical restrictions.