Abstract:
This study was designed to examine the roles of cue utilization, phishing features and time pressure in the detection of phishing emails. During two experiments, participants completed an email sorting task containing both phishing and genuine emails. Participants were allocated to either a high or low time pressure condition. Performance was assessed via detection sensitivity and response bias. Participants were classified with either higher or lower cue utilization and completed a measure of phishing knowledge. When participants were blind to the nature of the study (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails. However, they also recorded a stronger bias towards classifying emails as phishing, compared to participants with lower cue utilization. When notified of phishing base rates prior to the email sorting task (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails without recording an increase in rate of false alarms, compared to participants with lower cue utilization. Sensitivity increased with a reduction in time pressure, while response bias was influenced by the number of phishing-related features in each email. The outcomes support the proposition that cue-based processing of critical features is associated with an increase in the capacity of individuals to discriminate phishing from genuine emails, above and beyond phishing-related knowledge. From an applied perspective, these outcomes suggest that cue-based training may be beneficial for improving detection of phishing emails.
摘要:
这项研究旨在检查线索利用的作用,网络钓鱼功能和网络钓鱼邮件检测的时间压力。在两个实验中,参与者完成了包含网络钓鱼和正版电子邮件的电子邮件分类任务。参与者被分配到高或低时间压力条件。通过检测灵敏度和响应偏差评估性能。参与者被分类为提示利用率较高或较低,并完成了网络钓鱼知识的测量。当参与者对研究的性质视而不见时(N=191),提示利用率较高的参与者能够更好地区分网络钓鱼和真实电子邮件.然而,他们还记录了将电子邮件分类为网络钓鱼的更强偏见,与线索利用率较低的参与者相比。当在电子邮件分类任务(N=191)之前通知网络钓鱼基本速率时,提示利用率较高的参与者能够更好地将网络钓鱼与真正的电子邮件区分开来,而不会记录误报率的增加,与线索利用率较低的参与者相比。灵敏度随着时间压力的降低而增加,而响应偏差受每封邮件中与网络钓鱼相关的特征数量的影响。结果支持这样的主张,即基于线索的关键特征处理与个人将网络钓鱼与真实电子邮件区分开来的能力的增加有关。超越与网络钓鱼相关的知识。从应用的角度来看,这些结果表明,基于提示的训练可能有助于提高网络钓鱼邮件的检测效果.
