Research Article

Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email

Jingguo Wang, The University of Texas at Arlington; Tejaswini Herath, Brock University; Rui Chen, Ball State University; Arun Vishwanath, New York University; H. Raghav Rao

Abstract

Research problem: Phishing is an email-based scam where a perpetrator camouflages emails to appear as a legitimate request for personal and sensitive information.

Research question: How do individuals process a phishing email, and determine whether to respond to it? Specifically, this study examines how users' attention to “visual triggers” and “phishing deception indicators” influence their decision-making processes and consequently their decisions.

Literature review: This paper draws upon the theory of deception and the literature on mediated cognition and learning, including the critical role of attention and elaboration in deception detection. From this literature, we developed a research model to suggest that overall cognitive effort expended in email processing decreases with attention to visual triggers and phishing deception indicators. The likelihood to respond to phishing emails increases with attention to visceral cues, but decreases with attention to phishing deception indicators and cognitive effort. Knowledge of email-based scams increases attention to phishing deception indicators, and directly decreases response likelihood. It also moderates the impact of attention to visceral triggers and that of phishing deception indicators on likelihood to respond.

Methodology: Using a real phishing email as a stimulus, a survey of 321 members of a public university community in the Northeast US, who were intended victims of a spear phishing attack that took place, was conducted. The survey used validated measures developed in prior literature for the most part and tested results using the partial least-squares regression.

Results and discussion: Our research model and hypotheses were supported by the data except that we did not find that cognitive effort significantly affects response likelihood. The implication of the study is that attention to visceral triggers, attention to phishing deception indicators, and phishing knowledge play critical roles in phishing detection. The limitations of the study were that the data were drawn from students, and the study explored one phishing attack, relied on some single-item measures, cognitive effort measure, and a one-round survey. Future research would examine the impact of a varying degree of urgency and a varying level of phishing deception indicators, and actual victims of phishing attacks.

Journal: IEEE Transactions on Professional Communication
Published: 2012-12-01
DOI: 10.1109/tpc.2012.2208392
Open Access: Closed