Where Did They Go Right? Understanding the Deception in Phishing Communications

• Published in: Group decision and negotiation Vol. 19; no. 4; pp. 391 - 416
• Main Authors: Wright, Ryan, Chakraborty, Suranjan, Basoglu, Asli, Marett, Kent
• Format: Journal Article
• Language: English
• Published: Dordrecht Springer Netherlands 01.07.2010; Springer Nature B.V
• Subjects: Automation; Behavioral decision theory; Biological and Physical Anthropology; Business and Management; Communication; Criminology; Cybercrime; Cybersecurity; Data analysis; Deception; Fraud; Information and communication technologies; Information systems; Internet; Interpersonal deception theory; Sensors; Social research; Studies; User training; Websites; Working groups; Online deception; Interpersonal deception theory; Phishing; Deception detection
• ISSN: 0926-2644; 1572-9907
• DOI: 10.1007/s10726-009-9167-9

Deceptive communication through phishing is becoming more pervasive with the spread of ubiquitous computing. Yet, phishing has not been widely understood or studied even when such practices cost organizations millions of dollars each year. This manuscript tests Grazioli’s Theory of Deception as an explanation for the process utilized to detect phishing attempts. In order to test the detection model, the paper phished 446 subjects for confidential information. The results consist of a structural model tested to determine experiential and dispositional characteristics of deception detectors. Subsequently, the authors interviewed the detectors and elicited a rich account of how the subjects processed and formed a correct behavioral decision upon receiving the phishing email. These interviews provided additional insight toward the specific processes of successful deception detectors used upon the receipt of a phishing email. The results from both the statistical testing and the interview data analysis confirmed and added to the Model of Deception Detection.