The phishing victim profile: investigating how individual differences and social influence affect phishing susceptibility

This study aimed to construct a phishing victim profile based on differences in individual susceptibility due to a combination of dispositional factors and social engineering tactics. The individual differences investigated were demographic characteristics (i.e. age, gender and income) as well as th...

Full description

Saved in:
Bibliographic Details
Main Author: Yeo, Yeo
Other Authors: Olivia Choy
Format: Final Year Project
Language:English
Published: Nanyang Technological University 2024
Subjects:
Online Access:https://hdl.handle.net/10356/177335
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
Description
Summary:This study aimed to construct a phishing victim profile based on differences in individual susceptibility due to a combination of dispositional factors and social engineering tactics. The individual differences investigated were demographic characteristics (i.e. age, gender and income) as well as the Big Five personality traits (i.e. extraversion, agreeableness, conscientiousness, neuroticism and openness). The social engineering strategies examined were the principles of authority, social proof and scarcity. A total of 140 participants completed the online questionnaire on individual traits and the phishing detection task. There were four main findings for the study. First, the results revealed that participants were able to distinguish between real and phishing emails, as measured by their trust ratings. Furthermore, a signal detection analysis assessed potential response biases for participants’ phishing detection in detail. Second, contrary to the hypothesis, no significant differences were found in the effectiveness of the three social engineering strategies. As for individual differences, multiple regression analyses showed that only risk-taking propensity was found to be a significant predictor for phishing susceptibility. Finally, the only significant associations found between individual differences and social engineering strategies was for risk-taking and scarcity. Overall, the findings indicate that there is an urgent need for more research into the factors underlying phishing victimisation.