Research Article

Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email

Jingguo Wang (The University of Texas at Arlington); Tejaswini Herath (Brock University); Rui Chen (Ball State University); Arun Vishwanath (New York University); H. Raghav Rao

Abstract

Research problem: Phishing is an email-based scam in which a perpetrator camouflages emails to appear as a legitimate request for personal and sensitive information.

Research question: How do individuals process a phishing email and determine whether to respond to it? Specifically, this study examines how users' attention to “visceral triggers” and “phishing deception indicators” influences their decision-making processes and, consequently, their decisions.

Literature review: This paper draws upon the theory of deception and the literature on mediated cognition and learning, including the critical role of attention and elaboration in deception detection. From this literature, we developed a research model to suggest that the overall cognitive effort expended in email processing decreases with attention to visceral triggers and phishing deception indicators. The likelihood of responding to phishing emails increases with attention to visceral cues, but decreases with attention to phishing deception indicators and with cognitive effort. Knowledge of email-based scams increases attention to phishing deception indicators and directly decreases response likelihood. It also moderates the impact of attention to visceral triggers and that of phishing deception indicators on the likelihood of responding.

Methodology: Using a real phishing email as a stimulus, we conducted a survey of 321 members of a public university community in the Northeast US who were intended victims of a spear phishing attack that took place. The survey used, for the most part, validated measures developed in prior literature, and the results were tested using partial least-squares regression.

Results and discussion: Our research model and hypotheses were supported by the data, except that we did not find that cognitive effort significantly affects response likelihood. The implication of the study is that attention to visceral triggers, attention to phishing deception indicators, and phishing knowledge play critical roles in phishing detection. The limitations of the study were that the data were drawn from students, and that the study explored one phishing attack and relied on some single-item measures, a cognitive effort measure, and a one-round survey. Future research would examine the impact of a varying degree of urgency and a varying level of phishing deception indicators, as well as actual victims of phishing attacks.

Journal: IEEE Transactions on Professional Communication
Published: 2012-12-01
DOI: 10.1109/tpc.2012.2208392
Open Access: Closed