Spear Phishing in Organisations Explained

Jan Willem Bullee, Lorena Montoya, Marianne Junger, Pieter Hartel

Research output: Contribution to journal, Article, Scientific, peer-review

38 Citations (Scopus)

Abstract

Purpose - The purpose of this study is to explore how the opening phrase of a phishing email influences the action taken by the recipient.

Design/methodology/approach - Two types of phishing emails were sent to 593 employees, who were asked to provide personally identifiable information (PII). A personalised spear phishing email opening was randomly used in half of the emails.

Findings - Nineteen per cent of the employees provided their PII in a general phishing email, compared to 29 per cent in the spear phishing condition. Employees having a high power distance cultural background were more likely to provide their PII, compared to those with a low one. There was no effect of age on providing the PII requested when the recipient's years of service within the organisation is taken into account.

Practical implications - This research shows that success is higher when the opening sentence of a phishing email is personalised. The resulting model explains victimisation by phishing emails well, and it would allow practitioners to focus awareness campaigns to maximise their effect.

Originality/value - The innovative aspect relates to explaining spear phishing using four sociodemographic variables.

Original language: English
Pages (from-to): 593-613
Number of pages: 21
Journal: Information and Computer Security
Volume: 25
Issue number: 5
Publication status: Published - 2017

Keywords

  • Age
  • Culture
  • Gender
  • Spear phishing
  • Years of service
