The phishing victim profile: investigating how individual differences and social influence affect phishing susceptibility
This study aimed to construct a phishing victim profile based on differences in individual susceptibility due to a combination of dispositional factors and social engineering tactics. The individual differences investigated were demographic characteristics (i.e. age, gender and income) as well as th...
Saved in:
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: |
Nanyang Technological University
2024
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/177335 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
Summary: | This study aimed to construct a phishing victim profile based on differences in individual susceptibility due to a combination of dispositional factors and social engineering tactics. The individual differences investigated were demographic characteristics (i.e. age, gender and income) as well as the Big Five personality traits (i.e. extraversion, agreeableness, conscientiousness, neuroticism and openness). The social engineering strategies examined were the principles of authority, social proof and scarcity. A total of 140 participants completed the online questionnaire on individual traits and the phishing detection task. There were four main findings for the study. First, the results revealed that participants were able to distinguish between real and phishing emails, as measured by their trust ratings. Furthermore, a signal detection analysis assessed potential response biases for participants’ phishing detection in detail. Second, contrary to the hypothesis, no significant differences were found in the effectiveness of the three social engineering strategies. As for individual differences, multiple regression analyses showed that only risk-taking propensity was found to be a significant predictor for phishing susceptibility. Finally, the only significant associations found between individual differences and social engineering strategies was for risk-taking and scarcity. Overall, the findings indicate that there is an urgent need for more research into the factors underlying phishing victimisation. |
---|