Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks

Iuga, Cristian, Nurse, Jason R. C., Erola, Arnau (2016) Baiting the Hook: Factors Impacting Susceptibility to Phishing Attacks. Journal of Human-centric Computing and Information Sciences, 6 (8). ISSN 2192-1962. (doi:10.1186/s13673-016-0065-2) (KAR id:67492)

PDF Publisher pdf
Language: English

Over the last decade, substantial progress has been made in understanding and mitigating phishing attacks. Nonetheless, the percentage of successful attacks is still on the rise. In this article, we critically investigate why that is the case, and seek to contribute to the field by highlighting key factors that influence individuals’ susceptibility to phishing attacks. For our investigation, we conducted a web-based study with 382 participants which focused specifically on identifying factors that help or hinder Internet users in distinguishing phishing pages from legitimate pages. We considered relationships between demographic characteristics of individuals and their ability to correctly detect a phishing attack, as well as time-related factors. Moreover, participants’ cursor movement data was gathered and used to provide additional insight. In summary, our results suggest that: gender and the years of PC usage have a statistically significant impact on the detection rate of phishing; pop-up based attacks have a higher rate of success than the other tested strategies; and the psychological anchoring effect can be observed in phishing as well. Given that only 25% of our participants attained a detection score of over 75%, we conclude that many people are still at a high risk of falling victim to phishing attacks, but that a careful combination of automated tools, training and more effective awareness campaigns could significantly help towards preventing such attacks.

Item Type: Article
DOI/Identification number: 10.1186/s13673-016-0065-2
Uncontrolled keywords: Phishing attacks, Web security, Human factors, User studies
Subjects: Q Science; T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing; Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Engineering and Digital Arts
Depositing User: Jason Nurse
Date Deposited: 03 Jul 2018 13:21 UTC
Last Modified: 08 Dec 2022 22:02 UTC