Search Icon
Register

The Impact of Workload on Phishing Susceptibility: An Experiment

Sijie Zhuo (University of Auckland), Robert Biddle (University of Auckland and Carleton University, Ottawa), Lucas Betts, Nalin Asanka Gamagedara Arachchilage, Yun Sing Koh, Danielle Lottridge, Giovanni Russello (University of Auckland)

Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading malware. Research on phishing susceptibility has focused on personality traits, demographics, and design factors related to the presentation of phishing. There is very little research on how a person’s state of mind might impact outcomes of phishing attacks. We conducted a scenario-based in-lab experiment with 26 participants to examine whether workload affects risky cybersecurity behaviours. Participants were tasked to manage 45 emails for 30 minutes, which included 4 phishing emails. We found that, under high workload, participants had higher physiological arousal and longer fixations, and spent half as much time reading email compared to low workload. There was no main effect for workload on phishing clicking, however a post-hoc analysis revealed that participants were more likely to click on task-relevant phishing emails compared to non-relevant phishing emails during high workload whereas there was no difference during low workload. We discuss the implications of state of mind and attention related to risky cybersecurity behaviour.

Paper

View More Papers

coucouArray ( [post_type] => ndss-paper [post_status] => publish [posts_per_page] => 4 [orderby] => rand [tax_query] => Array ( [0] => Array ( [taxonomy] => category [field] => id [terms] => Array ( [0] => 104 [1] => 32 ) ) ) [post__not_in] => Array ( [0] => 17588 ) )

Compromising Industrial Processes using Web-Based Programmable Logic Controller Malware

Ryan Pickren (Georgia Institute of Technology), Tohid Shekari (Georgia Institute of Technology), Saman Zonouz (Georgia Institute of Technology), Raheem Beyah (Georgia Institute of Technology)

Read More

EyeSeeIdentity: Exploring Natural Gaze Behaviour for Implicit User Identification...

L Yasmeen Abdrabou (Lancaster University), Mariam Hassib (Fortiss Research Institute of the Free State of Bavaria), Shuqin Hu (LMU Munich), Ken Pfeuffer (Aarhus University), Mohamed Khamis (University of Glasgow), Andreas Bulling (University of Stuttgart), Florian Alt (University of the Bundeswehr Munich)

Read More

VPN Awareness and Misconceptions: A Comparative Study in Canadian...

Lachlan Moore, Tatsuya Mori (Waseda University, NICT)

Read More

Pisces: Private and Compliable Cryptocurrency Exchange

Ya-Nan Li (The University of Sydney), Tian Qiu (The University of Sydney), Qiang Tang (The University of Sydney)

Read More

Privacy Starts with UI: Privacy Patterns and Designer Perspectives in UI/UX Practice

Anxhela Maloku (Technical University of Munich), Alexandra Klymenko (Technical University of Munich), Stephen Meisenbacher (Technical University of Munich), Florian Matthes (Technical University of Munich)

Vision: Profiling Human Attackers: Personality and Behavioral Patterns in Deceptive Multi-Stage CTF Challenges

Khalid Alasiri (School of Computing and Augmented Intelligence Arizona State University), Rakibul Hasan (School of Computing and Augmented Intelligence Arizona State University)

From Underground to Mainstream Marketplaces: Measuring AI-Enabled NSFW Deepfakes on Fiverr

Mohamed Moustafa Dawoud (University of California, Santa Cruz), Alejandro Cuevas (Princeton University), Ram Sundara Raman (University of California, Santa Cruz)