Real or bogus: Predicting susceptibility to phishing with economic experiments
Principal Investigator(s): View help for Principal Investigator(s) Yan Chen, University of Michigan, School of Information
Version: View help for Version V1
| Name | File Type | Size | Last Modified |
|---|---|---|---|
|
|
text/csv | 3 KB | 01/14/2018 10:10:AM |
|
|
text/x-stata-syntax | 11.9 KB | 01/24/2018 10:29:AM |
|
|
application/x-stata | 1.1 MB | 01/18/2018 12:05:PM |
Project Citation:
Chen, Yan. Real or bogus: Predicting susceptibility to phishing with economic experiments. Ann Arbor, MI: Inter-university Consortium for Political and Social Research [distributor], 2018-01-24. https://doi.org/10.3886/E101360V1
Project Description
Summary:
View help for Summary
We present a lab-in-the-field experiment to demonstrate how individual behavior in the lab predicts their ability to identify phishing attempts. Using the business and finance staff members from a large public university in the U.S., we find that participants who are intolerant of risk, more curious, and less trusting commit significantly more errors when evaluating interfaces. We also replicate prior results on demographic correlates of phishing vulnerability, including age, gender, and education level. Our results suggest that behavioral characteristics such as risk attitude, curiosity, and trust can be used to predict individual ability to identify phishing interfaces.
Funding Sources:
View help for Funding Sources
University of Michigan
Scope of Project
Subject Terms:
View help for Subject Terms
Controlled Field Experiment;
phishing;
economic game;
vulerability;
risk aversion;
trust
Geographic Coverage:
View help for Geographic Coverage
Ann Arbor, Michigan
Time Period(s):
View help for Time Period(s)
4/14/2016 – 5/14/2016
Collection Date(s):
View help for Collection Date(s)
4/14/2016 – 5/14/2016
Universe:
View help for Universe
Business and Finance Staff at the University of Michigan
Data Type(s):
View help for Data Type(s)
experimental data
Collection Notes:
View help for Collection Notes
The study was conducted through a website designed and developed for the purpose of the experiment. The source code is available at:
https://github.com/ImanYZ/PhishingExperiment.git
https://github.com/ImanYZ/PhishingExperiment.git
Methodology
Response Rate:
View help for Response Rate
Out of the 3,190 B&F staff members, 1,201 participate in both the security quiz designed by the researchers and the security education module designed by the IIA staff. Of these, 811 staff members also participate in our economic experiment. Participants take on average 10 minutes and 2 seconds (s.d. = 6.15 minutes) to finish all the components, with average earnings of $17.04 (s.d. = 6.04) from the economic games.
Sampling:
View help for Sampling
To conduct our study, we partner with the Office of Information Security Assurance (IIA) at the University of Michigan in their development of a phishing education module for the B&F staff. Before launching the study, the Chief Financial Officer of the university sends an email announcement to the B&F supervisors and staff, respectively, encouraging them to participate in the education module and research study.
Data Source:
View help for Data Source
All the data is collected through a website designed and developed for the purpose of the experiment. The source code is available at:
https://github.com/ImanYZ/PhishingExperiment.git
https://github.com/ImanYZ/PhishingExperiment.git
Collection Mode(s):
View help for Collection Mode(s)
web-based survey
Related Publications
Published Versions
Report a Problem
Found a serious problem with the data, such as disclosure risk or copyrighted content? Let us know.
This material is distributed exactly as it arrived from the data depositor. ICPSR has not checked or processed this material. Users should consult the investigator(s) if further information is desired.