Biblio

This paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue”) and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially “phishing.”

The COVID19 pandemic situation has opened a wide range of opportunities for cyber-criminals, who take advantage of the anxiety generated and the time spent on the Internet, to undertake massive phishing campaigns. Although companies are adopting protective measures, the psychological traits of the victims are still considered from a very generic perspective. In particular, current literature determines that the model proposed in the Big-Five personality traits (i.e., Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism) might play an important role in human behaviour to counter cybercrime. However, results do not provide unanimity regarding the correlation between phishing susceptibility and neuroticism. With the aim to understand this lack of consensus, this article provides a comprehensive literature review of papers extracted from relevant databases (IEEE Xplore, Scopus, ACM Digital Library, and Web of Science). Our results show that there is not a well-established psychological theory explaining the role of neuroticism in the phishing context. We sustain that non-representative samples and the lack of homogeneity amongst the studies might be the culprits behind this lack of consensus on the role of neuroticism on phishing susceptibility.

Phishing is one of the most dangerous information security threats present in the world today, with losses toping 5.9 billion dollars in 2013. Evolving from the original concept of phishing, spear phishing also attempts to scam individuals online, however it uses personalized mail to yield a far higher success rate. This paper suggests an increased threat of spear phishing success due to the presence of social media. Assessing this new threat is important not only to the individuals, but also to companies whose employees may specifically be targeted through their social media accounts. The paper presents the design and implementation of an architecture to determine phishing susceptibility of a user through their social media accounts, and methods to reduce the threat. Preliminary testing shows that social media provides a publicly accessible resource to assess targeted individuals for phishing attacks through their accounts.