Profiling User Vulnerability to Phishing: Psychological and Behavioral Factors

arXiv CS · · 2 min read · Engineering & Technology

Read research and analysis on Profiling User Vulnerability to Phishing: Psychological and Behavioral Factors published by ICANEWS, a global research journal for emerging researchers.

Key Takeaways

  • Five latent constructs (Seniority, Expertise, Creativity, Stability, Vulnerability) influence user susceptibility to phishing.
  • Faster decision-making negatively correlates with self-reported impulsivity and distinguishes vulnerable from resilient users.
  • Two distinct user profiles, Aware User and High-Risk User, were identified based on Seniority and Creativity dimensions.
  • Technical knowledge alone is insufficient for phishing resilience; effectiveness depends on operational maturity, decision-making speed, and cognitive approach.
  • The majority of users fall into the High-Risk category, characterized by hasty evaluation and lower critical analysis.

Why This Matters

The study suggests an urgent need to replace 'one-size-fits-all' cybersecurity training with personalized, adaptive programs. These programs should specifically target cognitive biases and behavioral tendencies to improve user resilience against phishing threats.

Overview

Phishing represents a persistent cybersecurity threat, with an increasing focus on human cognitive and psychological factors rather than solely technological vulnerabilities. This research investigated the multidimensional nature of user susceptibility to phishing by analyzing data from a realistic phishing detection task.

Research Context

The study aligns with the trend in phishing research to concentrate on human aspects and the profiling of vulnerable users. It explores factors contributing to user susceptibility to phishing attacks, moving beyond a purely technical understanding of cybersecurity.

Approach

The study utilized the Spamley dataset, which included 1,086 participants who performed a realistic phishing detection task. Exploratory Factor Analysis (EFA) was applied to identify latent constructs underpinning user susceptibility. The research also involved analyzing behavioral findings, specifically the relationship between self-reported impulsivity and response times. K-Means clustering was subsequently employed to distinguish user profiles based on identified dimensions.

Identified Latent Constructs

EFA revealed five latent constructs related to user vulnerability:

  • Seniority (F1)
  • Expertise
  • Creativity (F3)
  • Stability
  • Vulnerability

Behavioral Analysis

The study found a negative correlation between self-reported impulsivity and response times. This correlation indicated that faster decision-making significantly differentiated vulnerable users from resilient users within the phishing detection task.

User Profiling

A K-Means clustering procedure, guided by the dimensions of Seniority (F1) and Creativity (F3), resulted in the identification of two distinct user profiles:

  • The Aware User
  • The High-Risk User

Findings

The research indicated that technical knowledge on its own does not guarantee resilience against phishing. Instead, effectiveness in detecting phishing was determined by the interaction among operational maturity, decision-making speed, and the cognitive approach of the user. A majority of users were categorized into the High-Risk profile, characterized by hasty evaluation processes and lower critical analysis skills.

Why This Matters

The findings underscore a need to transition from undifferentiated cybersecurity training programs to personalized, adaptive approaches. These adaptive programs should actively address cognitive biases and behavioral tendencies to enhance user resilience against phishing.

Research Information

Institution
arXiv CS
Original Study
View Publication
Source
arXiv CS

About ICANEWS

ICANEWS is a global research journal for emerging researchers, publishing student and emerging researcher work across all fields.