Phishing Susceptibility in Context: A Multilevel Information Processing Perspective on Deception Detection

In stock

Publication History

Received: December 14, 2019
Revised: August 19, 2020; August 16, 2021; May 11, 2022
Accepted: May 24, 2022
Published Online as Articles in Advance: May 22, 2023
Published Online in Issue: Forthcoming

Downloadable File
Despite widespread awareness of risks, significant investments in cybersecurity protection, and substantial economic incentives to avoid security breaches, organizations remain vulnerable to phishing attacks. Phishing research has informed effective practical interventions to address phishing susceptibility that emphasize the importance of broadly applicable IT security knowledge. Yet employees still frequently fall victim to phishing attempts. To help understand why, we conceptualize phishing susceptibility as the failure to differentiate between deceptive and legitimate information processing requests that occur within the context of an employee’s typical job responsibilities. We apply this contextual lens to identify characteristics of knowledge workers’ organizational task and social context that may enhance or diminish performance in detecting deception in phishing email attempts. To test our hypotheses, we conducted a study in which employees of the finance division of a large university encountered simulated email-based phishing attempts as part of their normal work routine. We found evidence supporting our hypotheses that an individual’s susceptibility to phishing attacks is influenced by their position in the knowledge flows of the organization and by the impact of workgroup responsibilities on their cognitive processing. We contend that phishing susceptibility is not merely a matter of IT security knowledge but is also influenced by contextualized, multilevel influences on information processing. As phishing attacks are increasingly targeted to specific organizational settings, it is even more important to incorporate this contextualized information processing view of phishing susceptibility.
Additional Details
Author Ryan T. Wright, Steven L. Johnson, and Brent Kitchens
Year 2023
Volume 47
Issue 2
Keywords Cybersecurity, phishing, phishing susceptibility, contextual theory, social network analysis, multilevel model
Page Numbers 803-832
Copyright © 2023 MISQ. All rights reserved.