In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
» Openaccess proceedings » Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)
Eighth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2014)
Title: Using Actions and Intentions to Evaluate Categorical Responses to Phishing and Genuine Emails
Author(s): Kathryn Marie Parsons, Agata McCormac, Malcolm Robert Pattinson, Marcus Antanas Butavicius, Cate Jerram
Keywords: Information security (InfoSec), Information risk, Phishing, Social engineering, Human behaviour
Abstract: While many studies have investigated people’s susceptibility to phishing emails, little attention has been paid to how behavioural responses translate into overall intent when users are not informed they are undertaking a phishing study. This paper examines how well the quantitative multiple-choice categorisation used in such studies reflects the underlying reasoning of the users. The results of a role play scenario in which 117 participants were asked to manage 50 emails are presented. The users’ multiple-choice actions were recoded based on their response to the question, “What aspect of this email influenced your decision?” using the Action-Intention Email Response Framework. According to this framework, intention incorporates the use of security-based reasoning, usefulness and phishing assessment. Results indicated that recoding did not significantly influence overall accuracy scores, which provides empirical support for the multiple-choice categorisation as a method of indirectly testing phishing susceptibility. However, closer examination revealed that combining the user’s recommended actions with their qualitative responses provided significantly more detail on user’s intent which, in many cases, changed the coding of the user’s response to the email. Implications for the analysis of user performance in similar studies are discussed.
Download count: 1680
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.