Chapter 6 Phishing Susceptibility Study

Phishing attacks, in which scammers send emails and other messages to con victims into providing their login credentials and personal information, snare millions of victims each year [43]. A variety of efforts aim to combat phishing through law enforcement, automated detection, and end-user education. Researchers have studied why people fall for phishing attacks; however, little research has been done to study demographic factors in susceptibility to phishing. By determining which groups are most susceptible to phishing, we can determine how best to focus anti-phishing education. In this paper, we present the results of our roleplay phishing study, administered to 1001 online survey respondents in order to study demographics and phishing susceptibility. The rest of the paper is organized as follows. In the next section, we present background and related work on why people fall for phishing. Then we describe the design of our experiment and present the results of our study, identifying several important demographic factors that affect phishing susceptibility and describing the effects of education in bridging these gaps. Finally we discuss the implications of our study for designing anti-phishing tools and improving public policy.