Phishing in the Wild: An Ecologically Valid Study of the Phishing Tactics and Human Factors that Predict Susceptibility to a Phishing Attack
Abstract:
In this research, 153 employees at a National Laboratory received one of four different phishing emails. All of the emails were similar in content, but systematically varied according to the number and combination of phishing tactics in the message. Participants were unaware they would be receiving the email, which was sent during regular business hours. After receiving the emails, participants completed online questionnaires designed to measure possible predictors of phishing attack susceptibility. The significant predictors included how suspicious participants were of the email and their reported level of distress related to their work prior to completing the study.
AUTHORS
Pacific Northwest National LaboratoryHuman Centered Computing Group
Richland, Washington, United States
Dr. Corey Fallon is a human factors psychologist at PNNL. He has a M.S. in human factors psychology and a Ph.D. in experimental psychology with additional applied experience working as a cognitive systems engineer. As a psychologist Dr. Fallon employs both qualitative and quantitative methods to assess human behavior and subjective experience. He has studied a variety of constructs in human factors throughout his career, including decision making, emotion, situation awareness, personality, and stress. One of Dr. Fallon’s primary areas of research focus is trust in both human-human and human-machine interactions.
Pacific Northwest National LaboratoryHuman Centered Computing Group
Richland, Washington, United States
Jessica Baweja is a social scientist at Pacific Northwest National Laboratory (PNNL) where she supports research and operations in human factors and insider threat. She holds a Ph.D. in social-personality psychology and a master’s degree in experimental psychology. She has conducted a wide variety of research projects, from exploring the psychological indicators of insider threat to exploring the ways that data scientists work with machine learning models. Prior to joining PNNL, she spent six years as a behavioral research scientist and manager for Northrop Grumman in personnel security and insider threat research supporting the U.S. Department of Defense Personnel and Security Research Center (PERSEREC).
Pacific Northwest NationalLaboratory Foundational Data Science Group
Richland, Washington, United States
Ji Yun is a data scientist at the Pacific Northwest National Laboratory. Her projects focus on building interactive visualization dashboards using React, JavaScript, and Plotly Dash to allow users to explore various aspects of data, along with making developments to a user software in production. She is interested in finding more novel ways for users to visually interact with data.
Pacific Northwest NationalLaboratory Cyber Security Group
Richland, Washington, United States
Nicholas Thompson, MBA, is a Deputy CISO and Team Lead at Pacific Northwest National Laboratory (PNNL). He joined the Cyber Security Operations Division at PNNL in October 2016 and has remained there since. In his current role, Thompson leads a team that is focused on identifying, validating, and prioritizing cyber risk to enable decision makers to make informed risk determinations. With a goal to work towards equipping business leaders with holistic and actionable data, maturing his team’s capabilities and output have provided measurable indicators of cyber risk reduction.
Pacific Northwest National LaboratoryHuman Centered Computing Group
Richland, Washington, United States
Zhuanyi H Shaw is a user experience designer. Using her MS in Design, she focuses on human computer interaction, conducts user research to identify target users and to gather user requirements, transforms the requirements into user experience design, and brings the concept back to users for concept evaluation. She specializes in the UX of AI and data visualization.
Pacific Northwest NationalLaboratory Foundational Data, Science Group
Richland, Washington, United States
Dustin Arendt received his Ph.D. from Virginia Tech in 2012 where he researched social network analysis and modeling and simulation of complex systems. Challenges inherent to understanding complex systems led him to a career in visual analytics. Since joining PNNL, he has worked in several domains including visualization for cybersecurity, streaming data visual analytics, visual abstraction, dynamic graph visualization, visualization for natural language processing, interactive machine learning, explainable machine learning, and visualization for machine learning model validation and comparison. Currently, his interests are at the intersection of human-computer interaction, data science, and visual analytics with a focus on validating machine learning models through explanations and exploratory data analysis. His research involves rapid prototyping and empirical evaluation of tools that blend machine learning, data science, and visualization.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive
