'Protect and Fight Back': A Case Study on User Motivations to Report Phishing Emails

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

Phishing reporting is emerging as a key defense mechanism against phishing attacks. Whereas large enough organizations have specific policies in place for phishing reporting, user uptake is still limited, and a clear picture of what motivates users to report and which types of emails is still to be drawn. Yet, this is critical to devising better policies and procedures and stimulating awareness and a cyber-security culture within organizations. In this work, we sample and interview n = 49 employees from the pool of phishing reporters at a medium-sized European technical university. We sample interviewees based on how sophisticated the emails they report are over contextual and technical dimensions and cluster reporters in terms of their (emerging) reporting behavior. We conduct semi-structured interviews up to thematic saturation and derive 13 main themes driving reporting motivations. We discuss the identified themes in the broader theoretical context, as well as the practical implications of our findings.

Original languageEnglish
Title of host publicationEuroUSEC '24
Subtitle of host publicationProceedings of the 2024 European Symposium on Usable Security
EditorsFarzaneh Karegar, Ali Farooq
Place of PublicationNew York
PublisherAssociation for Computing Machinery, Inc
Pages30-43
Number of pages14
ISBN (Electronic)979-8-4007-1796-3
DOIs
Publication statusPublished - 20 Nov 2024
Event2024 European Symposium on Usable Security, EuroUSEC 2024 - Karlstad, Sweden
Duration: 30 Sept 20241 Oct 2024

Conference

Conference2024 European Symposium on Usable Security, EuroUSEC 2024
Country/TerritorySweden
CityKarlstad
Period30/09/241/10/24

Keywords

  • Phishing
  • Reporting

Fingerprint

Dive into the research topics of ''Protect and Fight Back': A Case Study on User Motivations to Report Phishing Emails'. Together they form a unique fingerprint.

Cite this