Abstract
Phishing emails represent a major threat to online information security. While the prevailing research is focused on users’ susceptibility, few studies have considered the decision making strategies that account for skilled detection. One relevant facet of decision making is cue utilization, where users retrieve featureevent associations stored in long-term memory. High degrees of cue utilization help reduce the demands placed on working memory (i.e., cognitive load), and invariably improve decision performance (i.e., the information-reduction hypothesis in expert performance). The current study explored the effect of cue utilization and cognitive load when detecting phishing emails. A total of 50 undergraduate students completed: (1) a rail control task and; (2) a phishing detection task. A cue utilization assessment battery (EXPERTise 2.0) then classified participants with either higher or lower cue utilization. As expected, higher cue utilization was associated with a greater likelihood of detecting phishing emails. However, variation in cognitive load had no effect on phishing detection, nor was there an interaction between cue utilization and cognitive load. These findings have implications for our understanding of cognitive mechanisms that underpin the detection of phishing emails and the role of factors beyond the information-reduction hypothesis.
Original language | English |
---|---|
Title of host publication | Financial cryptography and data security |
Subtitle of host publication | International Conference on Financial Cryptography and Data Security |
Editors | Matthew Bernhard, Andrea Bracciali, L. Jean Camp, Shin'ichiro Matsuo, Alana Maurushat, Peter B. Rønne, Masimiliano Sala |
Place of Publication | Cham, Switzerland |
Publisher | Springer |
Pages | 47-55 |
Number of pages | 9 |
Volume | 12063 |
ISBN (Electronic) | 9783030544553 |
ISBN (Print) | 9783030544546 |
DOIs | |
Publication status | Published - 2020 |
Event | AsiaUSEC 2020: The 1st Asian Workshop on Usable Security - Shangri-La Tanjung Aru Resort & Spa, Sabah, Malaysia Duration: 13 Feb 2020 → 15 Feb 2020 http://www.usablesecurity.net/USEC/asiausec20/ https://easychair.org/cfp/AsiaUSEC20 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 12063 |
Conference
Conference | AsiaUSEC 2020 |
---|---|
Abbreviated title | Workshop on Usable Security |
Country/Territory | Malaysia |
City | Sabah |
Period | 13/02/20 → 15/02/20 |
Other | It is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of faded experiments, since their publication will serve to highlight the lessons learned and prevent others falling into the same traps. |
Internet address |