Abstract
Purpose - The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient.
Design/methodology/approach - Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails.
Findings - Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient's years of service within the organisation is taken into account.
Practical implications - This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect.
Originality/value - The innovative aspect relates to explaining spear phishing using four sociodemographic variables.
Original language | English |
---|---|
Pages (from-to) | 593-613 |
Number of pages | 21 |
Journal | Information and Computer Security |
Volume | 25 |
Issue number | 5 |
DOIs | |
Publication status | Published - Jul 2017 |
Keywords
- Age
- Culture
- Gender
- Spear phishing
- Years of service
- 22/4 OA procedure