Investigating Phishing Susceptibility—An Analysis of Neural Measures

  • Conference paper
Information Systems and Neuroscience

Abstract

Phishing is an attempt to acquire sensitive information from a user by malicious means. The losses due to phishing have exceeded a trillion dollars globally. In investigating phishing susceptibility, the literature has largely examined structural and individual characteristics. Very little attention has been paid to neural measures within phishing contexts. In this paper, we explore the role of cognitive responses and correlated brain responses in a phishing context. Such research is useful because a deeper understanding of persuasion techniques can inform the design of effective countermeasures for detecting and blocking phishing messages.

Acknowledgements

We would like to thank the anonymous reviewers for their comments that have significantly improved the paper. We would also like to thank Sumanpreet Kaur for her help in conducting experiments. This research has been funded in part by NSF 1724725 and 1651475. The usual disclaimer applies.

Author information

Corresponding author

Correspondence to Rohit Valecha.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Valecha, R., Gonzalez, A., Mock, J., Golob, E.J., Raghav Rao, H. (2020). Investigating Phishing Susceptibility—An Analysis of Neural Measures. In: Davis, F., Riedl, R., vom Brocke, J., Léger, PM., Randolph, A., Fischer, T. (eds) Information Systems and Neuroscience. Lecture Notes in Information Systems and Organisation, vol 32. Springer, Cham. https://doi.org/10.1007/978-3-030-28144-1_12
