Abstract
Phishing is an attempt to acquire sensitive information from a user by malicious means. The losses due to phishing have exceeded a trillion dollars globally. In investigating phishing susceptibility, the literature has largely examined structural and individual characteristics. Very little attention has been paid to neural measures within phishing contexts. In this paper, we explore the role of cognitive responses and correlated brain responses in a phishing context. Such research is useful because a deeper understanding of persuasion techniques can inform the design of effective countermeasures for detecting and blocking phishing messages.
Acknowledgements
We would like to thank the anonymous reviewers for their comments that have significantly improved the paper. We would also like to thank Sumanpreet Kaur for her help in conducting experiments. This research has been funded in part by NSF 1724725 and 1651475. The usual disclaimer applies.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Valecha, R., Gonzalez, A., Mock, J., Golob, E.J., Raghav Rao, H. (2020). Investigating Phishing Susceptibility—An Analysis of Neural Measures. In: Davis, F., Riedl, R., vom Brocke, J., Léger, PM., Randolph, A., Fischer, T. (eds) Information Systems and Neuroscience. Lecture Notes in Information Systems and Organisation, vol 32. Springer, Cham. https://doi.org/10.1007/978-3-030-28144-1_12
DOI: https://doi.org/10.1007/978-3-030-28144-1_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28143-4
Online ISBN: 978-3-030-28144-1
eBook Packages: Business and Management, Business and Management (R0)