Phishing emails have become a prevalent cybersecurity threat for the modern email user. Research attempting to understand how users are susceptible to phishing attacks has been limited and hasn't fully explored how task factors influence accurate detection. Even further lacking are the existing training interventions that still have users falling victim to up to 90% of phishing emails following training. The present studies examined how task factors (e.g., email load, phishing prevalence) and a new form of intervention, rather than training, influence email performance. In four experiments, participants classified emails as either legitimate or not legitimate and reported on a variety of other categorizations (e.g., threat level). The first two experiments examined how email load and phishing prevalence influence phishing detection. The third experiment examined the interaction of these two factors to determine whether they have compounding effects. The last experiment investigated how performance can be improved with a novel cheat sheet intervention method. All four experiments utilized individual difference variables to examine how cognitive, behavioral, and personality factors influence detection under various task conditions and how they impact the utilization of training interventions. The results across the first three experiments indicated that both high email load and low phishing prevalence decrease email classification accuracy and sensitivity. However, performance was poor across all conditions, with phishing detection near chance performance and sensitivity values indicating that the task was very challenging. Additionally, participants demonstrated poor metacognition with over confidence, low self-reported difficulty, and low perceived threat for the emails. Experiment 4's results indicated that phishing detection could be improved by 20% with the embedded cheat sheet intervention. Overall, the present studies suggest that email load and phishing prevalence can decrease fraud detection, but that embedded phishing tips can improve performance.
If this is your thesis or dissertation, and want to learn how to access it or for more information about readership statistics, contact us at STARS@ucf.edu
Doctor of Philosophy (Ph.D.)
College of Sciences
Psychology; Human Factors Cognitive Psychology
Length of Campus-only Access
Doctoral Dissertation (Open Access)
Sarno, Dawn, "Does One Bad Phish Spoil the Whole Email Load?: Exploring Phishing Susceptibility Task Factors and Potential Interventions" (2020). Electronic Theses and Dissertations, 2020-. 452.