Which phish get caught? An exploratory study of individuals' susceptibility to phishing

Phishing, or the practice of sending deceptive electronic communications to acquire private information from victims, results in significant financial losses to individuals and businesses. The first goal of this study is to identify situational and personality factors that explain why certain individuals are susceptible to such attacks. The second goal is to test those empirically, along with previously identified factors, to explain the likelihood that an individual will fall victim to a phishing attack. We employed the Delphi method to identify seven personality factors that may influence this susceptibility (trust, distrust, curiosity, entertainment drive, boredom proneness, lack of focus, and risk propensity). Our regression model included these as well as variables examined in previous studies. We find that emails sent from a known source significantly increase user susceptibility to phishing, as does a user's curiosity, risk propensity, general Internet usage, and Internet anxiety. In post hoc tests, we also find that trust and distrust can be significant predictors of susceptibility and that this significance is dependent on the characteristics of the message.