Select Page
Conference proceedings | Research library
| 08/02/2024

The Impact of Workload on Phishing Susceptibility: An Experiment

Sijie Zhuo | Robert Biddle | Lucas Betts | Nalin Asanka Gamagedara Arachchilage | Yun Sing Koh | Giovanni Russello | Danielle Lottridge

Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading
malware. Research on phishing susceptibility has focused on personality traits, demographics, and design factors related to the presentation of phishing. There is very little research on
how a person’s state of mind might impact outcomes of phishing attacks. We conducted a scenario-based in-lab experiment with 26 participants to examine whether workload affects risky cybersecurity behaviours. Participants were tasked to manage 45 emails for 30 minutes, which included 4 phishing emails.
We found that, under high workload, participants had higher
physiological arousal and longer fixations, and spent half as much
time reading email compared to low workload. There was no main effect for workload on phishing clicking, however a post-hoc analysis revealed that participants were more likely to click on
task-relevant phishing emails compared to non-relevant phishing emails during high workload whereas there was no difference during low workload. We discuss the implications of state of mind and attention related to risky cybersecurity behaviour

You May Also Like