Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model

This research presents a comprehensive model to understand phishing susceptibility, building on previous studies on information processing and interpersonal deception. The model, validated using a group targeted by a real phishing attempt, explains nearly 50% of the variation in individual susceptibility to phishing. The findings indicate that individuals typically process phishing emails superficially, basing decisions on basic cues within the email. Urgency cues stimulate more information processing, potentially distracting from cues indicating fraudulence. Regular media usage and high email volume significantly increase the likelihood of falling for a phishing scam. Confidence in computer skills influences the ability to elaborate on potential phishing threats, but this influence diminishes when faced with domain-specific knowledge.