An Ordinal Approach to Modeling and Visualizing Phishing Susceptibility

摘要

Phishing is a significant, ongoing cybersecurity threat facing both individuals and organizations, and the consequences of falling victim to phishing can be dire, particularly in terms of financial loss. While much research has focused on understanding or predicting user susceptibility to phishing with the aim of preventing it, little of this research has focused on modeling the process of being phished holistically. Specifically, while the outcome of interacting with a phishing website may be thought of as binary (e.g., "Were you phished or notƒ"), the actual process typically involves a sequence of stages spanning from the choice to visit (or not visit) a link all the way to transacting with a website and giving away valuable personal or financial information. To better understand the variables that influence phishing website traversal, we conducted a controlled lab experiment with a large sample of 908 participants. In this experiment, each participant was given a task such as opening an online checking account and presented with a series of simulated search results that included both legitimate and phishing websites. By monitoring participants’ interactions with these websites and collecting additional information via surveys, we evaluated which variables were the most likely to result in behavior that could lead to greater phishing exposure using a multi-model comparison approach. The results of our analyses shed light on the key variables that can lead to a greater propensity for being phished and may prove invaluable to researchers interested in designing new interventions.