RT Article
T1 Being phished and reporting phishing emails: emotional and knowledge antecedents and training gaps
JF Journal of crime and justice
VO 48
IS 4
SP 533
OP 551
A1 Stalans, Loretta J.
A1 Chan-Tin, Eric
A1 Moran, Madeline
A1 Hart, Anna
A1 Pardonek, James
A2 Chan-Tin, Eric
A2 Moran, Madeline
A2 Hart, Anna
A2 Pardonek, James
LA English
YR 2025
UL https://krimdok.uni-tuebingen.de/Record/1937673553
AB Research on phishing, a prevalent cybercrime, has not addressed which dispositional and knowledge antecedents are related to reporting suspicious emails to their organizations and has provided limited attention to emotions as a predictor of being phished. Our prospective design involved two phases where employees and students at a university (N = 538) first completed a survey and then, after 1 month, were sent three phishing emails spaced weeks apart without their knowledge. Trained members were more likely to have knowledge about safe URLs and this accurate knowledge was associated with a lower rate of being phished and a higher rate of reporting phishing emails. Untrained members had a higher rate of clicking on links and a lower rate of reporting suspicious emails than recently trained members, though training efficacy dissipates over time. Members with high generalized anxiety were more likely to click on links and less likely to report phishing emails, suggesting a gap in training curriculum. High avoidant cognitive styles were less likely to report phishing emails, and these styles are more prevalent among those with high anxiety. Policies and training curriculum need to address anxiety to create a stronger defense against phishing and hacking attacks.
K1 Cybervictimization
K1 Emotions
K1 Cybersecurity training
DO 10.1080/0735648X.2024.2415321