{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T16:31:54Z","timestamp":1776097914334,"version":"3.50.1"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319702773","type":"print"},{"value":"9783319702780","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-70278-0_39","type":"book-chapter","created":{"date-parts":[[2017,11,18]],"date-time":"2017-11-18T02:03:19Z","timestamp":1510970599000},"page":"610-627","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":41,"title":["Unpacking Spear Phishing Susceptibility"],"prefix":"10.1007","author":[{"given":"Zinaida","family":"Benenson","sequence":"first","affiliation":[]},{"given":"Freya","family":"Gassmann","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Landwirth","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,11,19]]},"reference":[{"key":"39_CR1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.ijhcs.2015.05.005","volume":"82","author":"M Alsharnouby","year":"2015","unstructured":"Alsharnouby, M., Alaca, F., Chiasson, S.: Why phishing still works: user strategies for combating phishing attacks. Int. J. Hum. Comput. Stud. 82, 69\u201382 (2015)","journal-title":"Int. J. Hum. Comput. Stud."},{"key":"39_CR2","unstructured":"Anti-Phishing Working Group (APWG): How to avoid phishing scams. http:\/\/www.apwg.org\/resources\/overview\/avoid-phishing-scams"},{"issue":"1","key":"39_CR3","doi-asserted-by":"crossref","first-page":"3","DOI":"10.2307\/3315487","volume":"27","author":"M Banerjee","year":"1999","unstructured":"Banerjee, M., Capozzoli, M., McSweeney, L., Sinha, D.: Beyond kappa: a review of interrater agreement measures. Can. J. Stat. 27(1), 3\u201323 (1999)","journal-title":"Can. J. Stat."},{"key":"39_CR4","doi-asserted-by":"crossref","unstructured":"Benenson, Z., Girard, A., Hintz, N., Luder, A.: Susceptibility to URL-based Internet attacks: Facebook vs. email. In: 6th IEEE International Workshop on SEcurity and SOCial Networking (SESOC), pp. 604\u2013609. IEEE (2014)","DOI":"10.1109\/PerComW.2014.6815275"},{"key":"39_CR5","doi-asserted-by":"crossref","unstructured":"Bilge, L., Strufe, T., Balzarotti, D., Kirda, E.: All your contacts are belong to us: automated identity theft attacks an online social networks. In: 18th International Conference on World Wide Web (2009)","DOI":"10.1145\/1526709.1526784"},{"key":"39_CR6","doi-asserted-by":"crossref","unstructured":"Blythe, M., Petrie, H., Clark, J.A.: F for fake: four studies on how we fall for Phish. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2011, pp. 3469\u20133478 (2011)","DOI":"10.1145\/1978942.1979459"},{"key":"39_CR7","doi-asserted-by":"crossref","unstructured":"Boshmaf, Y., Muslukhov, I., Beznosov, K., Ripeanu, M.: The socialbot network: when bots socialize for fame and money. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 93\u2013102. ACM (2011)","DOI":"10.1145\/2076732.2076746"},{"key":"39_CR8","doi-asserted-by":"crossref","unstructured":"Brown, G., Howe, T., Ihbe, M., Prakash, A., Borders, K.: Social networks and context-aware spam. In: Proceedings of the 2008 ACM Conference on Computer Supported Cooperative Work, pp. 403\u2013412. ACM (2008)","DOI":"10.1145\/1460563.1460628"},{"key":"39_CR9","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-319-18500-2_8","volume-title":"Information Security Education Across the Curriculum","author":"G Canova","year":"2015","unstructured":"Canova, G., Volkamer, M., Bergmann, C., Borza, R., Reinheimer, B., Stockhardt, S., Tenberg, R.: Learn to spot phishing URLs with the Android NoPhish App. In: Bishop, M., Miloslavskaya, N., Theocharidou, M. (eds.) WISE 2015. IAICT, vol. 453, pp. 87\u2013100. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-18500-2_8"},{"issue":"1","key":"39_CR10","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/MSP.2013.106","volume":"12","author":"DD Caputo","year":"2014","unstructured":"Caputo, D.D., Pfleeger, S.L., Freeman, J.D., Johnson, M.E.: Going spear phishing: exploring embedded training and awareness. IEEE Secur. Priv. 12(1), 28\u201338 (2014)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"39_CR11","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1177\/001316446002000104","volume":"20","author":"J Cohen","year":"1960","unstructured":"Cohen, J.: A coefficient of agreement for nominal scales. Educ. Psychol. Measur. 20(1), 36\u201347 (1960)","journal-title":"Educ. Psychol. Measur."},{"key":"39_CR12","doi-asserted-by":"crossref","unstructured":"Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2006, pp. 581\u2013590 (2006)","DOI":"10.1145\/1124772.1124861"},{"key":"39_CR13","doi-asserted-by":"crossref","unstructured":"Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, SOUPS 2006, pp. 79\u201390 (2006)","DOI":"10.1145\/1143120.1143131"},{"key":"39_CR14","doi-asserted-by":"crossref","unstructured":"Egelman, S., Cranor, L.F., Hong, J.: You\u2019ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2008, pp. 1065\u20131074 (2008)","DOI":"10.1145\/1357054.1357219"},{"key":"39_CR15","unstructured":"Goodin, D.: Crypto ransomware targets called by name in spear-phishing blast. Ars Technica, 4 April 2016"},{"issue":"1","key":"39_CR16","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1145\/2063176.2063197","volume":"55","author":"J Hong","year":"2012","unstructured":"Hong, J.: The state of phishing attacks. Commun. ACM 55(1), 74\u201381 (2012)","journal-title":"Commun. ACM"},{"key":"39_CR17","unstructured":"Infosec Institute: Spear Phishing: Real Life Examples. http:\/\/resources.infosecinstitute.com\/spear-phishing-real-life-examples . Accessed Mar 2017"},{"key":"39_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-22424-9_4","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Irani","year":"2011","unstructured":"Irani, D., Balduzzi, M., Balzarotti, D., Kirda, E., Pu, C.: Reverse social engineering attacks in online social networks. In: Holz, T., Bos, H. (eds.) DIMVA 2011. LNCS, vol. 6739, pp. 55\u201374. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22424-9_4"},{"issue":"10","key":"39_CR19","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/1290958.1290968","volume":"50","author":"TN Jagatic","year":"2007","unstructured":"Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94\u2013100 (2007)","journal-title":"Commun. ACM"},{"key":"39_CR20","doi-asserted-by":"crossref","unstructured":"Jakobsson, M., Ratkiewicz, J.: Designing ethical phishing experiments: a study of (ROT13) rOnl query features. In: 15th International Conference on World Wide Web (2006)","DOI":"10.1145\/1135777.1135853"},{"issue":"2","key":"39_CR21","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1109\/MSP.2008.52","volume":"6","author":"M Jakobsson","year":"2008","unstructured":"Jakobsson, M., Johnson, N., Finn, P.: Why and how to perform fraud experiments. IEEE Secur. Priv. 6(2), 66\u201368 (2008)","journal-title":"IEEE Secur. Priv."},{"key":"39_CR22","volume-title":"Thinking, Fast and Slow","author":"D Kahneman","year":"2011","unstructured":"Kahneman, D.: Thinking, Fast and Slow. Macmillan, Basingstoke (2011)"},{"key":"39_CR23","unstructured":"Kaspersky Lab Exposes Facebook Phishing Attacks: 10,000 Victims in Two Days June 2016. http:\/\/www.kaspersky.com\/about\/news\/virus\/2016\/10000-Victims-in-Two-Days"},{"issue":"4","key":"39_CR24","doi-asserted-by":"crossref","first-page":"2091","DOI":"10.1109\/SURV.2013.032213.00009","volume":"15","author":"M Khonji","year":"2013","unstructured":"Khonji, M., Iraqi, Y., Jones, A.: Phishing detection: a literature survey. IEEE Commun. Surv. Tutor. 15(4), 2091\u20132121 (2013)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"2","key":"39_CR25","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1109\/MSP.2011.179","volume":"10","author":"I Kirlappos","year":"2012","unstructured":"Kirlappos, I., Sasse, M.A.: Security education against phishing: a modest proposal for a major rethink. IEEE Secur. Priv. Mag. 10(2), 24\u201332 (2012)","journal-title":"IEEE Secur. Priv. Mag."},{"key":"39_CR26","doi-asserted-by":"crossref","unstructured":"Kumaraguru, P., Cranshaw, J., Acquisti, A., Cranor, L.F., Hong, J., Blair, M.A., Pham, T.: School of Phish: a real-world evaluation of anti-phishing training. In: Symposium On Usable Privacy and Security (SOUPS) (2009)","DOI":"10.1145\/1572532.1572536"},{"key":"39_CR27","doi-asserted-by":"crossref","unstructured":"Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L., Hong, J.: Lessons from a real world evaluation of anti-phishing training. Anti-Phishing Working Group (2008)","DOI":"10.1109\/ECRIME.2008.4696970"},{"issue":"2","key":"39_CR28","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1145\/1754393.1754396","volume":"10","author":"P Kumaraguru","year":"2010","unstructured":"Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching Johnny not to fall for phish. ACM Trans. Internet Technol. (TOIT) 10(2), 7 (2010)","journal-title":"ACM Trans. Internet Technol. (TOIT)"},{"key":"39_CR29","unstructured":"Lenz, R.: In Indiana phishing study, students take the bait. USA Today, 23 July 2007. http:\/\/usatoday30.usatoday.com\/tech\/news\/computersecurity\/2007-07-23-phishing-study_N.htm"},{"key":"39_CR30","unstructured":"Northcutt, S.: Spear Phishing (Methods of Attack Series). https:\/\/www.sans.edu\/cyber-research\/security-laboratory\/article\/spear-phish . Accessed Mar 2017"},{"key":"39_CR31","doi-asserted-by":"crossref","unstructured":"Oliveira, D., Rocha, H., Yang, H., Ellis, D., Dommaraju, S., Muradoglu, M., Weir, D., Soliman, A., Lin, T., Ebner, N.: Dissecting spear phishing emails for older vs young adults: on the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2017 (2017)","DOI":"10.1145\/3025453.3025831"},{"key":"39_CR32","unstructured":"Osterman Research Survey: Understanding the Depth of the Global Ransomware Problem (2016)"},{"issue":"3","key":"39_CR33","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MSP.2015.65","volume":"13","author":"A Sasse","year":"2015","unstructured":"Sasse, A.: Scaring and bullying people into security won\u2019t work. IEEE Secur. Priv. 13(3), 80\u201383 (2015)","journal-title":"IEEE Secur. Priv."},{"key":"39_CR34","doi-asserted-by":"crossref","DOI":"10.4135\/9781529682571","volume-title":"Qualitative Content Analysis in Practice","author":"M Schreier","year":"2012","unstructured":"Schreier, M.: Qualitative Content Analysis in Practice. Sage Publications, Thousand Oaks (2012)"},{"key":"39_CR35","unstructured":"Seymour, J., Tully, P.: Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter. Black Hat USA (2016)"},{"key":"39_CR36","doi-asserted-by":"crossref","unstructured":"Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F., Downs, J.: Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 373\u2013382. ACM (2010)","DOI":"10.1145\/1753326.1753383"},{"key":"39_CR37","doi-asserted-by":"crossref","unstructured":"Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., Hong, J., Nunge, E.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS 2007, pp. 88\u201399 (2007)","DOI":"10.1145\/1280680.1280692"},{"key":"39_CR38","unstructured":"Sophos: Facebook users at risk of \u201crubber duck\u201d identity attack. https:\/\/www.sophos.com\/en-us\/press-office\/press-releases\/2009\/12\/facebook.aspx"},{"key":"39_CR39","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-319-33630-5_10","volume-title":"ICT Systems Security and Privacy Protection","author":"S Stockhardt","year":"2016","unstructured":"Stockhardt, S., Reinheimer, B., Volkamer, M., Mayer, P., Kunz, A., Rack, P., Lehmann, D.: Teaching phishing-security: which way is best? In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IAICT, vol. 471, pp. 135\u2013149. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-33630-5_10"},{"key":"39_CR40","doi-asserted-by":"crossref","unstructured":"Stringhini, G., Kruegel, C., Vigna, G.: Detecting spammers on social networks. In: 26th Annual Computer Security Applications Conference (2010)","DOI":"10.1145\/1920261.1920263"},{"key":"39_CR41","doi-asserted-by":"crossref","unstructured":"Tischer, M., Durumeric, Z., Foster, S., Duan, S., Mori, A., Bursztein, E., Bailey, M.: Users really do plug in USB drives they find. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 306\u2013319. IEEE (2016)","DOI":"10.1109\/SP.2016.26"},{"key":"39_CR42","unstructured":"Vaas, L.: Beware the latest tax-season spear-phishing scam. https:\/\/nakedsecurity.sophos.com\/2017\/02\/08\/beware-the-latest-tax-season-spear-phishing-scam . Accessed Mar 2017"},{"key":"39_CR43","unstructured":"Verizon 2016 Data Breach Investigations Report (2016)"},{"key":"39_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1007\/978-3-642-41320-9_4","volume-title":"Financial Cryptography and Data Security","author":"T Vidas","year":"2013","unstructured":"Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L.F., Christin, N.: QRishing: the susceptibility of smartphone users to QR code phishing attacks. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 52\u201369. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-41320-9_4"},{"issue":"3","key":"39_CR45","doi-asserted-by":"crossref","first-page":"576","DOI":"10.1016\/j.dss.2011.03.002","volume":"51","author":"A Vishwanath","year":"2011","unstructured":"Vishwanath, A., Herath, T., Chen, R., Wang, J., Rao, H.R.: Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decis. Support Syst. 51(3), 576\u2013586 (2011)","journal-title":"Decis. Support Syst."},{"key":"39_CR46","doi-asserted-by":"crossref","DOI":"10.2307\/j.ctvjghvsk","volume-title":"Strangers to Ourselves","author":"TD Wilson","year":"2004","unstructured":"Wilson, T.D.: Strangers to Ourselves. Harvard University Press, Cambridge (2004)"},{"key":"39_CR47","doi-asserted-by":"crossref","unstructured":"Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601\u2013610. ACM (2006)","DOI":"10.1145\/1124772.1124863"},{"key":"39_CR48","unstructured":"Zhang, Y., Egelman, S., Cranor, L., Hong, J.: Phinding phish: evaluating anti-phishing tools. In: Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS) (2007)"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-70278-0_39","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T19:30:16Z","timestamp":1719603016000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-70278-0_39"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319702773","9783319702780"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-70278-0_39","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}