The role of contextualization in users' vulnerability to phishing attempts

Abstract

Hackers who engage in phishing manipulate their victims into revealing confidential information by exploiting their motives, habits, and cognitive biases. Drawing on heuristicsystematic processing and the anchoring effect, this study examines how the contextualization of phishing messages, in the form of modifications to their framing and content, affects individuals' susceptibility to phishing. This study also investigates if there is a discrepancy between the way individuals believe they will react to phishing attempts and their actual reactions. Using two fake phishing campaigns and an online survey, we find that individuals are more susceptible to phishing attempts when the phishing messages they receive are specific to their context, thereby appealing to their psychological vulnerabilities. There is also a significant gap between how individuals believe they will react and their actual reactions to phishing attempts.