Falling for phishing attempts: An investigation of individual differences that are associated with behavior in a naturalistic phishing simulation
preprint
OA: closed
Abstract
Social engineering cyber-attacks such as phishing emails pose a serious threat to the safety of many organizations. Given that the effectiveness of these attacks heavily relies on poor human decision making, an improved understanding of the individual characteristics that increase cybersecurity vulnerability could inform more targeted training. The current study aimed to identify whether several factors, including phishing email detection ability, confidence in one’s phishing identification decisions, attitudes toward one’s level of responsibility and efficacy, and employee satisfaction and loyalty to the organization, can predict behavior in a naturalistic phishing simulation in an employment setting. We followed up employees of a large organization who had been recently targeted by a phishing simulation and asked them to complete a survey that included a phishing detection task. The employee’s behavior in the phishing simulation was ranked according to its safety: reporting the suspicious email, neither reporting nor clicking on the embedded link, and clicking on the link. We found that fewer years of employment at the organization and lower employee satisfaction and loyalty predicted increasingly unsafe behavior in the simulation. This suggests that newer and unsatisfied employees are most vulnerable to phishing attempts and might benefit most from targeted cybersecurity training.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.
Source provenance
- europepmc
- last seen: 2026-05-19T01:45:01.086888+00:00