Predicting Phishing Victimization: Comparing Prior Victimization, Cognitive, and Emotional Styles, and Vulnerable or Protective E-mail Strategies

Stalans, Loretta; Chan-Tin, Eric; Hart, Anna; Moran, Madeline; Kennison, Shelia

doi:10.1080/15564886.2023.2218369

Predicting Phishing Victimization: Comparing Prior Victimization, Cognitive, and Emotional Styles, and Vulnerable or Protective E-mail Strategies

Phishing victimization is prevalent and results in theft of personal identifiable information (PII) or installing malware to steal PII. Drawing upon social psychological and criminological theories, we conducted a prospective study to assess three groups of predictors to being phished or not: a) pri...

Full description

Saved in:

Bibliographic Details
Authors:	Stalans, Loretta (Author) ; Chan-Tin, Eric (Author) ; Hart, Anna (Author) ; Moran, Madeline (Author) ; Kennison, Shelia (Author)
Format:	Electronic Article
Language:	English
Published:	2023
In:	Victims & offenders Year: 2023, Volume: 18, Issue: 7, Pages: 1216-1235
Online Access:	Volltext (kostenfrei)
Journals Online & Print:	Drawer...
Check availability:	HBZ Gateway
Keywords:	Victimization Lifestyle-Routine Activities Theory Phishing

Description
Summary:	Phishing victimization is prevalent and results in theft of personal identifiable information (PII) or installing malware to steal PII. Drawing upon social psychological and criminological theories, we conducted a prospective study to assess three groups of predictors to being phished or not: a) prior victimization; b) protective or vulnerable habitual strategies, and c) emotional and cognitive decision-making styles. Students (N = 236) completed a survey assessing these predictors and then about 4 weeks later received a phishing e-mail using the university’s phishing testing system. The e-mail requested that they click on a link and enter their student ID to avoid having their account blocked. About half (50.8%) clicked on the link, and 81.6% of those phished entered their PII. Individuals who had low avoidant style and high generalized anxiety were four times more likely to be phished, after controlling for the significant effects of vulnerable habitual strategies and using dating apps. Machine learning analyses also found cognitive styles and generalized anxiety are the better predictors of getting phished compared to vulnerable and protective strategies and prior victimization. These findings suggest that cybersecurity training needs to be expanded to address the emotional and cognitive processing of deceptive appeals in e-mails.
ISSN:	1556-4991
DOI:	10.1080/15564886.2023.2218369