The Influence of Human Factors on the Intention to Report Phishing Emails

Ioana Andreea Marin; Pavlo Burda; Luca Allodi; Nicola Zannone

doi:10.1145/3544548.3580985

The Influence of Human Factors on the Intention to Report Phishing Emails

Ioana Andreea Marin, Pavlo Burda, Luca Allodi, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

16 Citations (Scopus)

13 Downloads (Pure)

Abstract

Phishing attacks are a main threat to organizations and individuals. Current widespread defenses based on spam filters and domain blacklisting are unfortunately insufficient. Prior work identifies phishing reporting as a key, largely untapped resource to mitigate phishing threats. Yet, its practice suffers from very low reporting rates and generally too low an uptake from users. Whereas it is known that phishing reporting behavior is affected by a number of 'human factors', a comprehensive view of the different theories and their effects on (intent to) report is not yet developed. To address this gap, we evaluate theories and factors analyzed in the extant literature, build a cohesive theoretical view of their effects and constructs, and develop, model, and empirically evaluate (by means of an online questionnaire, n=284) the resulting hypothesis structure. We discuss both theoretical implications of our findings and research directions for practice at a research and organizational level.

Original language	English
Title of host publication	CHI '23
Subtitle of host publication	Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems
Editors	Albrecht Schmidt, Kaisa Väänänen, Tesh Goyal, Per Ola Kristensson, Anicia Peters, Stefanie Mueller, Julie R. Williamson, Max L. Wilson
Place of Publication	New York
Publisher	Association for Computing Machinery, Inc
Number of pages	18
ISBN (Electronic)	978-1-4503-9421-5
DOIs	https://doi.org/10.1145/3544548.3580985
Publication status	Published - 19 Apr 2023
Event	2023 Conference on Human Factors in Computing Systems, CHI 2023 - Hamburg, Germany Duration: 23 Apr 2023 → 28 Apr 2023 https://chi2023.acm.org

Conference

Conference	2023 Conference on Human Factors in Computing Systems, CHI 2023
Abbreviated title	CHI 2023
Country/Territory	Germany
City	Hamburg
Period	23/04/23 → 28/04/23
Internet address	https://chi2023.acm.org

Funding

This work is supported by the ITEA3 programme through the DEFRAUDIfy project funded by Rijksdienst voor Ondernemend Nederland (grant no. ITEA191010) and by the INTERSCT project, Grant No. NWA.1162.18.301, funded by Netherlands Organisation for Scientifc Research (NWO).

Funders	Funder number
Rijksdienst voor Ondernemend Nederland	ITEA191010
Rijksdienst voor Ondernemend Nederland
Nederlandse Organisatie voor Wetenschappelijk Onderzoek

Keywords

Cyber security behaviors
Information Security
Organizational citizenship behaviors
Personality traits

Access to Document

10.1145/3544548.3580985

pdfFinal published version, 852 KB

Cite this

Marin, I. A., Burda, P., Allodi, L., & Zannone, N. (2023). The Influence of Human Factors on the Intention to Report Phishing Emails. In A. Schmidt, K. Väänänen, T. Goyal, P. O. Kristensson, A. Peters, S. Mueller, J. R. Williamson, & M. L. Wilson (Eds.), CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems Article 620 Association for Computing Machinery, Inc. https://doi.org/10.1145/3544548.3580985

Marin, Ioana Andreea ; Burda, Pavlo ; Allodi, Luca et al. / The Influence of Human Factors on the Intention to Report Phishing Emails. CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. editor / Albrecht Schmidt ; Kaisa Väänänen ; Tesh Goyal ; Per Ola Kristensson ; Anicia Peters ; Stefanie Mueller ; Julie R. Williamson ; Max L. Wilson. New York : Association for Computing Machinery, Inc, 2023.

@inproceedings{ea981c7f25f4464ead67085b004f8fe9,

title = "The Influence of Human Factors on the Intention to Report Phishing Emails",

abstract = "Phishing attacks are a main threat to organizations and individuals. Current widespread defenses based on spam filters and domain blacklisting are unfortunately insufficient. Prior work identifies phishing reporting as a key, largely untapped resource to mitigate phishing threats. Yet, its practice suffers from very low reporting rates and generally too low an uptake from users. Whereas it is known that phishing reporting behavior is affected by a number of 'human factors', a comprehensive view of the different theories and their effects on (intent to) report is not yet developed. To address this gap, we evaluate theories and factors analyzed in the extant literature, build a cohesive theoretical view of their effects and constructs, and develop, model, and empirically evaluate (by means of an online questionnaire, n=284) the resulting hypothesis structure. We discuss both theoretical implications of our findings and research directions for practice at a research and organizational level.",

keywords = "Cyber security behaviors, Information Security, Organizational citizenship behaviors, Personality traits",

author = "Marin, {Ioana Andreea} and Pavlo Burda and Luca Allodi and Nicola Zannone",

year = "2023",

month = apr,

day = "19",

doi = "10.1145/3544548.3580985",

language = "English",

editor = "Albrecht Schmidt and Kaisa V{\"a}{\"a}n{\"a}nen and Tesh Goyal and Kristensson, {Per Ola} and Anicia Peters and Stefanie Mueller and Williamson, {Julie R.} and Wilson, {Max L.}",

booktitle = "CHI '23",

publisher = "Association for Computing Machinery, Inc",

address = "United States",

note = "2023 Conference on Human Factors in Computing Systems, CHI 2023, CHI 2023 ; Conference date: 23-04-2023 Through 28-04-2023",

url = "https://chi2023.acm.org",

}

Marin, IA, Burda, P , Allodi, L & Zannone, N 2023, The Influence of Human Factors on the Intention to Report Phishing Emails. in A Schmidt, K Väänänen, T Goyal, PO Kristensson, A Peters, S Mueller, JR Williamson & ML Wilson (eds), CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems., 620, Association for Computing Machinery, Inc, New York, 2023 Conference on Human Factors in Computing Systems, CHI 2023, Hamburg, Germany, 23/04/23. https://doi.org/10.1145/3544548.3580985

The Influence of Human Factors on the Intention to Report Phishing Emails. / Marin, Ioana Andreea; Burda, Pavlo ; Allodi, Luca et al.
CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. ed. / Albrecht Schmidt; Kaisa Väänänen; Tesh Goyal; Per Ola Kristensson; Anicia Peters; Stefanie Mueller; Julie R. Williamson; Max L. Wilson. New York: Association for Computing Machinery, Inc, 2023. 620.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - The Influence of Human Factors on the Intention to Report Phishing Emails

AU - Marin, Ioana Andreea

AU - Burda, Pavlo

AU - Allodi, Luca

AU - Zannone, Nicola

PY - 2023/4/19

Y1 - 2023/4/19

N2 - Phishing attacks are a main threat to organizations and individuals. Current widespread defenses based on spam filters and domain blacklisting are unfortunately insufficient. Prior work identifies phishing reporting as a key, largely untapped resource to mitigate phishing threats. Yet, its practice suffers from very low reporting rates and generally too low an uptake from users. Whereas it is known that phishing reporting behavior is affected by a number of 'human factors', a comprehensive view of the different theories and their effects on (intent to) report is not yet developed. To address this gap, we evaluate theories and factors analyzed in the extant literature, build a cohesive theoretical view of their effects and constructs, and develop, model, and empirically evaluate (by means of an online questionnaire, n=284) the resulting hypothesis structure. We discuss both theoretical implications of our findings and research directions for practice at a research and organizational level.

AB - Phishing attacks are a main threat to organizations and individuals. Current widespread defenses based on spam filters and domain blacklisting are unfortunately insufficient. Prior work identifies phishing reporting as a key, largely untapped resource to mitigate phishing threats. Yet, its practice suffers from very low reporting rates and generally too low an uptake from users. Whereas it is known that phishing reporting behavior is affected by a number of 'human factors', a comprehensive view of the different theories and their effects on (intent to) report is not yet developed. To address this gap, we evaluate theories and factors analyzed in the extant literature, build a cohesive theoretical view of their effects and constructs, and develop, model, and empirically evaluate (by means of an online questionnaire, n=284) the resulting hypothesis structure. We discuss both theoretical implications of our findings and research directions for practice at a research and organizational level.

KW - Cyber security behaviors

KW - Information Security

KW - Organizational citizenship behaviors

KW - Personality traits

UR - http://www.scopus.com/inward/record.url?scp=85160005256&partnerID=8YFLogxK

U2 - 10.1145/3544548.3580985

DO - 10.1145/3544548.3580985

M3 - Conference contribution

AN - SCOPUS:85160005256

BT - CHI '23

A2 - Schmidt, Albrecht

A2 - Väänänen, Kaisa

A2 - Goyal, Tesh

A2 - Kristensson, Per Ola

A2 - Peters, Anicia

A2 - Mueller, Stefanie

A2 - Williamson, Julie R.

A2 - Wilson, Max L.

PB - Association for Computing Machinery, Inc

CY - New York

T2 - 2023 Conference on Human Factors in Computing Systems, CHI 2023

Y2 - 23 April 2023 through 28 April 2023

ER -

Marin IA, Burda P , Allodi L , Zannone N. The Influence of Human Factors on the Intention to Report Phishing Emails. In Schmidt A, Väänänen K, Goyal T, Kristensson PO, Peters A, Mueller S, Williamson JR, Wilson ML, editors, CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems. New York: Association for Computing Machinery, Inc. 2023. 620 doi: 10.1145/3544548.3580985

The Influence of Human Factors on the Intention to Report Phishing Emails

Abstract

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this