Are People with Cyber Security Training Worse at Checking Phishing Email Addresses? Testing the Automaticity of Verifying the Sender’s Address
- Publisher: Springer Nature
- Publication Type: Chapter
- Citation: Human Aspects of Information Security and Assurance, 2023, 674, pp. 310-323
- Issue Date: 2023-01-01
Closed Access
This item is closed access and not available.
Cyber security training emphasises checking the sender’s email address to identify phishing emails. Dual process theories of cognition suggest that with practice such tactics can transition from effortful, analytic processes to involuntary heuristics and become ‘automatic’. We tested the automaticity of this email habit by developing a scale for cyber security experience and then deployed an interference task where participants (n = 61) had to make a decision about text colour and ignore sender’s addresses from either legitimate or phishing emails. A surprising result emerged: the more cyber security training participants had, the less interference they exhibited in the colour selection task and the more they were able to ignore the content of the sender’s addresses. This suggests that evaluating sender’s addresses does not fulfill the criterion for ‘automatic’ processes when practiced and that more experienced people seem to be able to ignore this important cue when extraneous task goals are present.