Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails?

This paper examines the cues that typically differentiate phishing emails from genuine emails. The research is conducted in two stages. In the first stage, we identify the cues that actually differentiate between phishing and genuine emails. These are the consistency and personalisation of the messa...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Authors Parsons, Kathryn, Butavicius, Marcus, Pattinson, Malcolm, Calic, Dragana, Mccormac, Agata, Jerram, Cate
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 16.05.2016
Subjects
Online AccessGet full text

Cover

Loading…
More Information
Summary:This paper examines the cues that typically differentiate phishing emails from genuine emails. The research is conducted in two stages. In the first stage, we identify the cues that actually differentiate between phishing and genuine emails. These are the consistency and personalisation of the message, the perceived legitimacy of links and sender, and the presence of spelling or grammatical irregularities. In the second stage, we identify the cues that participants use to differentiate between phishing and genuine emails. This revealed that participants often use cues that are not good indicators of whether an email is phishing or genuine. This includes the presence of legal disclaimers, the quality of visual presentation, and the positive consequences emphasised in the email. This study has implications for education and training and provides a basis for the design and development of targeted and more relevant training and risk communication strategies.
ISSN:2331-8422