Phishing is recognised as a serious threat to organisations and individuals. While there have been significant technical advances in blocking phishing attacks, people remain the last line of defence once a phishing email reaches their email client. Most of the existing literature on this subject has focused on the technical aspects of phishing; the factors that make humans susceptible to phishing attacks are still not well understood. To fill this gap, we reviewed the available literature and propose a three-stage Phishing Susceptibility Model (PSM) that explains how humans are involved in phishing detection and prevention. We systematically survey the phishing susceptibility variables studied in the literature and taxonomize them using our model. The model reveals several research gaps that need to be addressed to improve users' detection performance. We also propose a practical impact assessment of the value of studying each phishing susceptibility variable, together with quality-of-evidence criteria. These can serve as guidelines for future research to improve experiment design and result quality, and to increase the reliability and generalizability of findings.