The effects of cue utilization and cognitive load in the detection of phishing emails

George Nasser, Ben Morrison, Piers Bayl-Smith, Ronnie Taib, Michael Gayed, Mark Wiggins

Research output: Book chapter/Published conference paperConference paperpeer-review

Abstract

Phishing emails represent a major threat to online information security. While the prevailing research is focused on users’ susceptibility, few studies have considered the decision making strategies that account for skilled detection. One relevant facet of decision making is cue utilization, where users retrieve featureevent associations stored in long-term memory. High degrees of cue utilization help reduce the demands placed on working memory (i.e., cognitive load), and invariably improve decision performance (i.e., the information-reduction hypothesis in expert performance). The current study explored the effect of cue utilization and cognitive load when detecting phishing emails. A total of 50 undergraduate students completed: (1) a rail control task and; (2) a phishing detection task. A cue utilization assessment battery (EXPERTise 2.0) then classified participants with either higher or lower cue utilization. As expected, higher cue utilization was associated with a greater likelihood of detecting phishing emails. However, variation in cognitive load had no effect on phishing detection, nor was there an interaction between cue utilization and cognitive load. These findings have implications for our understanding of cognitive mechanisms that underpin the detection of phishing emails and the role of factors beyond the information-reduction hypothesis.
Original languageEnglish
Title of host publicationFinancial cryptography and data security
Subtitle of host publicationInternational Conference on Financial Cryptography and Data Security
EditorsMatthew Bernhard, Andrea Bracciali, L. Jean Camp, Shin'ichiro Matsuo, Alana Maurushat, Peter B. Rønne, Masimiliano Sala
Place of PublicationCham, Switzerland
PublisherSpringer
Pages47-55
Number of pages9
Volume12063
ISBN (Electronic)9783030544553
ISBN (Print)9783030544546
DOIs
Publication statusPublished - 2020
EventAsiaUSEC 2020: 1st Asia USEC - Shangri-La Tanjung Aru Resort & Spa, Sabah, Malaysia
Duration: 13 Feb 202015 Feb 2020
http://www.usablesecurity.net/USEC/asiausec20/
https://easychair.org/cfp/AsiaUSEC20

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume12063

Conference

ConferenceAsiaUSEC 2020
Abbreviated titleWorkshop on Usable Security
CountryMalaysia
CitySabah
Period13/02/2015/02/20
OtherIt is the aim of USEC to contribute to an increase of the scientific quality of research in human factors in security and privacy. To this end, we encourage replication studies to validate previous research findings. Papers in these categories should be clearly marked as such and will not be judged against regular submissions on novelty. Rather, they will be judged based on scientific quality and value to the community. We also encourage reports of faded experiments, since their publication will serve to highlight the lessons learned and prevent others falling into the same traps.
Internet address

Fingerprint Dive into the research topics of 'The effects of cue utilization and cognitive load in the detection of phishing emails'. Together they form a unique fingerprint.

Cite this