The role of cue utilization in the detection of phishing emails

The role of cue utilization in the detection of phishing emails

This study was designed to examine the roles of cue utilization, phishing features and time pressure in the detection of phishing emails. During two experiments, participants completed an email sorting task containing both phishing and genuine emails. Participants were allocated to either a high or...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Applied ergonomics 2023-01, Vol.106, p.103887-103887, Article 103887
Hauptverfasser: Sturman, Daniel, Valenzuela, Chelsea, Plate, Oliver, Tanvir, Tazin, Auton, Jaime C., Bayl-Smith, Piers, Wiggins, Mark W.
Format: Artikel
Sprache:eng
Schlagworte:
Cue utilization
Cybersecurity
Information processing
Phishing
Visual search
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This study was designed to examine the roles of cue utilization, phishing features and time pressure in the detection of phishing emails. During two experiments, participants completed an email sorting task containing both phishing and genuine emails. Participants were allocated to either a high or low time pressure condition. Performance was assessed via detection sensitivity and response bias. Participants were classified with either higher or lower cue utilization and completed a measure of phishing knowledge. When participants were blind to the nature of the study (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails. However, they also recorded a stronger bias towards classifying emails as phishing, compared to participants with lower cue utilization. When notified of phishing base rates prior to the email sorting task (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails without recording an increase in rate of false alarms, compared to participants with lower cue utilization. Sensitivity increased with a reduction in time pressure, while response bias was influenced by the number of phishing-related features in each email. The outcomes support the proposition that cue-based processing of critical features is associated with an increase in the capacity of individuals to discriminate phishing from genuine emails, above and beyond phishing-related knowledge. From an applied perspective, these outcomes suggest that cue-based training may be beneficial for improving detection of phishing emails. •Cue utilization predicts detection of phishing emails.•Cue utilization can predict misclassification of genuine emails as phishing.•When aware of phishing emails, cue utilization does not predict misclassification.•Response bias is influenced by the number of phishing-related features in emails.•Cue utilization predicts performance controlling for phishing knowledge.
ISSN:0003-6870
1872-9126
DOI:10.1016/j.apergo.2022.103887