Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions

In this paper we present the results of a roleplay survey instrument administered to 1001 online survey respondents to study both the relationship between demographics and phishing susceptibility and the effectiveness of several anti- phishing educational materials. Our results suggest that women are more susceptible than men to phishing and participants between the ages of 18 and 25 are more susceptible to phishing than other age groups. We explain these demographic factors through a mediation analysis. Educational materials reduced users’ tendency to enter information into phishing webpages by 40% percent; however, some of the educational materials we tested also slightly decreased participants’ tendency to click on legitimate links.