Abstract
Phishing, or the practice of sending deceptive electronic communications to acquire private information from victims, results in significant financial losses to individuals and businesses. The first goal of this study is to identify situational and personality factors that explain why certain individuals are susceptible to such attacks. The second goal is to test those empirically, along with previously identified factors, to explain the likelihood that an individual will fall victim to a phishing attack. We employed the Delphi method to identify seven personality factors that may influence this susceptibility (trust, distrust, curiosity, entertainment drive, boredom proneness, lack of focus, and risk propensity). Our regression model included these as well as variables examined in previous studies. We find that emails sent from a known source significantly increase user susceptibility to phishing, as does a user’s curiosity, risk propensity, general Internet usage, and Internet anxiety. In post hoc tests, we also find that trust and distrust can be significant predictors of susceptibility and that this significance is dependent on the characteristics of the message.
Special Issue Editors: Paul Benjamin Lowry, Tamara Dinev, Robert Willison
Special Issue Editors: Paul Benjamin Lowry, Tamara Dinev, Robert Willison
Additional information
Notes on contributors
Gregory D. Moody
Gregory D. Moody received his Ph.D. from the University of Pittsburgh and the University of Oulu. He has published in ISR, MISQ, JMIS, JAIS, ISJ, I&M, JASIST, and other journals. His interests include IS security and privacy, e-business (electronic markets, trust), and human–computer interaction (website browsing, entertainment).
Dennis F. Galletta
Dennis F. Galletta is an AIS Fellow, was previously President of AIS, and is a recent LEO award winner. He also serves as Director of Doctoral Programs at Katz. He obtained his Ph.D. in MIS from the University of Minnesota, and his research interests cover end-user behaviour, attitudes, and performance, as well as behavioural security.
Brian Kimball Dunn
Brian Kimball Dunn received his Ph.D. in Information Systems from the Katz Graduate School of Business at the University of Pittsburgh. Prior to entering academia, he spent 10 years in corporate practice managing e-commerce and online marketing functions for large multi-national corporations.