4.6 Article

Indicators of employee phishing email behaviours: Intuition, elaboration, attention, and email typology

Journal

Publisher

ACADEMIC PRESS LTD- ELSEVIER SCIENCE LTD
DOI: 10.1016/j.ijhcs.2023.102996

Keywords

Cybersecurity; Phishing; Habit; Intuition; Cognitive elaboration; Employee

Ask authors/readers for more resources

This study explores the relationship between employees' sociodemographic, cyber security training, phishing email typology, information processing factors, and email security behaviors. The findings suggest that participants who have faith in their intuition and pay more attention to the sender's email address are less likely to click on phishing email links. Participants who received the 'Undelivered package' email are more likely to click on the phishing email link compared to those who received the 'Received PDF'. Participants who engage in more elaborate processing are more likely to report phishing emails than those who engage in less elaboration.
Employees' behaviour to phishing emails can strengthen or undermine business organisations' cyber security. This phishing simulation and survey study explored the relationship between sociodemographic, cyber security training, phishing email typology and information processing factors and risky and secure email response be-haviours. Participants (N = 590) were employees of a large financial institution who received one of four types of phishing emails. Participants who engaged in risky cyber email behaviour clicked on the link in the phishing email whereas those who engaged in secure cyber email behaviour reported the email to the institutions cyber security team. Our findings show that the likelihood of clicking on a link in a phishing email was lower for participants who had greater faith in their intuition and paid more attention to the sender's email address. The likelihood of clicking on a link in a phishing email was greater for participants who received the 'Undelivered package' email relative to the 'Received PDF'. The likelihood of reporting a phishing email was greater for participants who engaged in greater elaborative processing to evaluate the email than those who used less elaboration. Theoretical and practical implications as well as future directions are discussed.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.6
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available