A blog-post authored by Luiza Quinn (BSc Psychology student) and Professor Linda Kaye
As internet popularity increases so do email attacks and privacy threats for online users. Halevi et al. (2013) investigated the factors that contribute to phishing vulnerability and online privacy threats using personality traits.
The researchers questioned:
do certain personality traits correspond to higher vulnerability to phishing attacks?
do certain personality traits correspond to higher vulnerability to privacy leakage threats online?
is there a relationship between vulnerability to phishing attacks and the tendency to share too much information online?
How was this done?
100 participants were recruited of which 83 of which were male and 17 female. They were invited to take part in an online study which included the following components:
a questionnaire to collect information on age, education and work background
an online activity section where they rated, how likely they were to engage in online activities and how likely they thought bad things could happen to them online
a survey about types of information they share on Facebook, such as how many photos and posts they share, and also their privacy settings
a short personality test, which measured Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism.
Alongside this, a phishing email was sent. It was a prize email, therefore appealing to greed (and excitement). The phishing email promised an Apple product to the first users to click the link and researchers ensured that typical characteristics of a phishing email were incorporated such as spelling mistakes and it demanding ‘immediate action’.
The participants that clicked on the link were forwarded to a screen that looked like a typical Polytechnic screen, The participants who entered a user name/password and then clicked on the login button were then considered to be "phished"
So what did they find?
17% of the participants were phished, of which 14% were men and 53% were women. In terms of personality correlates, for men, there were no identifiable personality traits associated with phishing susceptibility. However, for women, those high in neuroticism and openness and low in extraversion were found to be more likely to be phished.
Additional findings included:
those high in openness tended to have "looser" Facebook privacy settings
those who share more information on Facebook have significantly higher risk of privacy leaks
Implication of findings
The findings have important implications, as they show that certain personality traits may cause higher phishing vulnerability. This suggests that adopting more personalised or targeted cyber-security awareness and/or training might be beneficial.
References
Halevi, T., Lewis, J., & Memon, N. (2013, May). A pilot study of cyber security and privacy related behavior and personality traits. In Proceedings of the 22nd international conference on world wide web (pp. 737-744). https://doi.org/10.1145/2487788.2488034
Comentários