The author of a paper to be presented at the upcoming 2013 International Human Factors and Ergonomics Society Annual Meeting has described behavioral, cognitive, and perceptual attributes of e-mail users who are vulnerable to phishing attacks. Phishing is the use of fraudulent e-mail correspondence to obtain passwords and credit card information, or to send viruses.
One of the topics at this year’s 2013 International Annual Meeting of the Human Factors and Ergonomics Society is the profile of e-mail phishing victims. The profile of likely e-mail phishing victims emerges in human factors/ergonomics research. The author of a paper to be presented at the upcoming 2013 International Human Factors and Ergonomics Society Annual Meeting has described behavioral, cognitive, and perceptual attributes of e-mail users who are vulnerable to phishing attacks.
In “Keeping Up With the Joneses: Assessing Phishing Susceptibility in an E-mail Task,” Kyung Wha Hong discovered that people who were overconfident, introverted, or women were less able to accurately distinguish between legitimate and phishing e-mails, according to the July 24, 2013 news release, Profile of likely e-mail phishing victims emerges in human factors/ergonomics research. She had participants complete a personality survey and then asked them to scan through both legitimate and phishing e-mails and either delete suspicious or spam e-mails, leave legitimate e-mails as is, or mark e-mails that required actions or responses as “important.”
“The results showed a disconnect between confidence and actual skill, as the majority of participants were not only susceptible to attacks but also overconfident in their ability to protect themselves,” says Hong in the news release, Profile of likely e-mail phishing victims emerges in human factors/ergonomics research. Although 89% of the participants indicted they were confident in their ability to identify malicious e-mails, 92% of them misclassified phishing e-mails. Almost 52% in the study misclassified more than half the phishing e-mails, and 54% deleted at least one authentic e-mail.
Gender, trust, and personality were correlated with phishing vulnerability
Women were less likely than men to correctly label phishing e-mails, and subjects who self-reported as “less trusting, introverts, or less open to new experiences” were more likely to delete legitimate e-mails. If you’re on the lookout for phishing, you’re more likely to refuse or delete email from people you don’t know or who aren’t on your safe sender lists.
Hong will continue to develop a user profile that can predict when and with whom phishing attacks are likely to be successful. Information gained in these studies will be used to design effective tools to prevent and combat phishing attacks.
The Human Factors and Ergonomics Society is the world’s largest nonprofit individual-member, multidisciplinary scientific association for human factors/ergonomics professionals, with more than 4,600 members globally. HFES members include psychologists and other scientists, designers, and engineers, all of who have a common interest in designing systems and equipment to be safe and effective for the people who operate and maintain them.
The Human Factors and Ergonomics Society announced today the opening of online registration 2013 International Annual Meeting, to be held at the Hilton San Diego Bayfront in San Diego, California, from September 30 to October 4, 2013. Check out the Reserve a room site at the San Diego Bayfront Hotel.