Study of Student Personality Trait on Spear-Phishing Susceptibility Behavior

Spear-phishing emails are an effective cyber-attack method due to the fact that the emails sent are highly personalized to look like a regular legitimate email. Recently, it was discovered that personality traits of the victim have an impact on a person's susceptibility to spear-phishing. This study aims to identify which personality traits affect spear-phishing susceptibility besides other traits such as Information Technology background, gender, and age. In addition, measure of the effectiveness of embedded training systems and see whether message framing can further help increase its effectiveness. A personality trait survey was sent to 100 participants, followed by a real-life spear-phishing simulation to measure a certain personality trait’s influence on phishing susceptibility. After a two-week period, the second round of spear-phishing emails was sent again to measure message framing effectiveness. The personality traits analysis results show that users with higher levels of Internet anxiety are less susceptible to spear-phishing emails. While the message framing did not show any significant results, the embedded training program reduced the click rate. Findings revealed that certain people are more susceptible to spear-phishing emails than others. Thus, this work can guide an institution or organizations to identify which group of people are more vulnerable to spear-phishing.