{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T12:57:34Z","timestamp":1776085054927,"version":"3.50.1"},"reference-count":108,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2023,4,14]],"date-time":"2023-04-14T00:00:00Z","timestamp":1681430400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"crossref","award":["RGPIN-2015-05629"],"award-info":[{"award-number":["RGPIN-2015-05629"]}],"id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2023,8,30]]},"abstract":"<jats:p>Phishing is recognized as a serious threat to organizations and individuals. While there have been significant technical advances in blocking phishing attacks, end-users remain the last line of defence after phishing emails reach their email inboxes. Most of the existing literature on this subject has focused on the technical aspects related to phishing. The factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and systematically categorized the phishing susceptibility variables studied. We classify variables based on their temporal scope, which led us to propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are vulnerable to phishing attacks. This model reveals several research gaps that need to be addressed to understand and improve protection against phishing susceptibility. Our review also systematizes existing studies by their sample size and generalizability and further suggests a practical impact assessment of the value of studying variables: Some more easily lead to improvements than others. We believe that this article can provide guidelines for future phishing susceptibility research to improve experiment design and the quality of findings.<\/jats:p>","DOI":"10.1145\/3575797","type":"journal-article","created":{"date-parts":[[2022,12,9]],"date-time":"2022-12-09T12:12:04Z","timestamp":1670587924000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":43,"title":["SoK: Human-centered Phishing Susceptibility"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7741-0022","authenticated-orcid":false,"given":"Sijie","family":"Zhuo","sequence":"first","affiliation":[{"name":"University of Auckland, Auckland, New Zealand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5971-2705","authenticated-orcid":false,"given":"Robert","family":"Biddle","sequence":"additional","affiliation":[{"name":"University of Auckland, Auckland, New Zealand and Carleton University, Ottawa, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7256-4049","authenticated-orcid":false,"given":"Yun Sing","family":"Koh","sequence":"additional","affiliation":[{"name":"University of Auckland, Auckland, New Zealand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5541-4425","authenticated-orcid":false,"given":"Danielle","family":"Lottridge","sequence":"additional","affiliation":[{"name":"University of Auckland, Auckland, New Zealand"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6987-0803","authenticated-orcid":false,"given":"Giovanni","family":"Russello","sequence":"additional","affiliation":[{"name":"University of Auckland, Auckland, New Zealand"}]}],"member":"320","published-online":{"date-parts":[[2023,4,14]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2011.10.003"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07674-4_89"},{"key":"e_1_3_2_4_2","first-page":"3716","volume-title":"19th Americas Conference on Information Systems","author":"Alseadoon Ibrahim","year":"2013","unstructured":"Ibrahim Alseadoon, Mohd Othman, Ernest Foo, and Taizan Chan. 2013. Typology of phishing email victims based on their behavioural response. In 19th Americas Conference on Information Systems. Association for Information Systems (AIS), http:\/\/aisel.aisnet.org\/, 3716\u20133724. Retrieved fromhttps:\/\/eprints.qut.edu.au\/68373\/."},{"key":"e_1_3_2_5_2","first-page":"73","volume-title":"International Conference on Decision Support System Technology","author":"Arduin Pierre-Emmanuel","year":"2020","unstructured":"Pierre-Emmanuel Arduin. 2020. To click or not to click? Deciding to trust or distrust phishing emails. In International Conference on Decision Support System Technology. Springer, 73\u201385."},{"key":"e_1_3_2_6_2","first-page":"271","article-title":"Analysis of student vulnerabilities to phishing","author":"Bailey Janet L.","year":"2008","unstructured":"Janet L. Bailey, Robert B. Mitchell, and Bradley K. Jensen. 2008. Analysis of student vulnerabilities to phishing. AMCIS 2008 Proc. (2008), 271.","journal-title":"AMCIS 2008 Proc."},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0224216"},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"3469","DOI":"10.1145\/1978942.1979459","volume-title":"SIGCHI Conference on Human Factors in Computing Systems","author":"Blythe Mark","year":"2011","unstructured":"Mark Blythe, Helen Petrie, and John A. Clark. 2011. F for fake: Four studies on how we fall for phish. In SIGCHI Conference on Human Factors in Computing Systems. 3469\u20133478."},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cogbrainres.2005.04.011"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1057\/ejis.2015.21"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409178"},{"issue":"1","key":"e_1_3_2_12_2","doi-asserted-by":"crossref","first-page":"26","DOI":"10.3758\/BF03210724","article-title":"Accounts of the confidence-accuracy relation in recognition memory","volume":"7","author":"Busey Thomas A.","year":"2000","unstructured":"Thomas A. Busey, Jennifer Tunnicliff, Geoffrey R. Loftus, and Elizabeth F. Loftus. 2000. Accounts of the confidence-accuracy relation in recognition memory. Psychon. Bull. Rev. 7, 1 (2000), 26\u201348.","journal-title":"Psychon. Bull. Rev."},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2011.05.003"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1177\/0018720816665025"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11409-019-09197-5"},{"issue":"1","key":"e_1_3_2_16_2","first-page":"247","article-title":"Phishing attacks and defenses","volume":"10","author":"Chaudhry Junaid Ahsenali","year":"2016","unstructured":"Junaid Ahsenali Chaudhry, Shafique Ahmad Chaudhry, and Robert G. Rittenhouse. 2016. Phishing attacks and defenses. Int. J. Secur. Applic. 10, 1 (2016), 247\u2013256.","journal-title":"Int. J. Secur. Applic."},{"issue":"4","key":"e_1_3_2_17_2","doi-asserted-by":"crossref","first-page":"1651","DOI":"10.3390\/su13041651","article-title":"Mindless response or mindful interpretation: Examining the effect of message influence on phishing susceptibility","volume":"13","author":"Chou Frank Kun-Yueh","year":"2021","unstructured":"Frank Kun-Yueh Chou, Abbott Po-Shun Chen, and Vincent Cheng-Lung Lo. 2021. Mindless response or mindful interpretation: Examining the effect of message influence on phishing susceptibility. Sustainability 13, 4 (2021), 1651.","journal-title":"Sustainability"},{"issue":"2","key":"e_1_3_2_18_2","first-page":"322","article-title":"Relationship between phishing techniques and user personality model of Bangkok internet users","volume":"36","author":"Chuchuen Chat","year":"2015","unstructured":"Chat Chuchuen and Pisit Chanvarasuth. 2015. Relationship between phishing techniques and user personality model of Bangkok internet users. Kasetsart J. Soc. Sci. 36, 2 (2015), 322\u2013334.","journal-title":"Kasetsart J. Soc. Sci."},{"key":"e_1_3_2_19_2","volume-title":"Influence: Science and Practice","author":"Cialdini Robert B.","year":"2009","unstructured":"Robert B. Cialdini. 2009. Influence: Science and Practice. Vol. 4. Pearson Education Boston, MA."},{"key":"e_1_3_2_20_2","volume-title":"International Conference on Financial Cryptography and Data Security","author":"Clark Jeremy","year":"2021","unstructured":"Jeremy Clark, Paul C. van Oorschot, Scott Ruoti, Kent Seamons, and Daniel Zappala. 2021. SoK: Securing email\u2014a stakeholder-based analysis. In International Conference on Financial Cryptography and Data Security. Springer, Berlin."},{"key":"e_1_3_2_21_2","volume-title":"2021 Ransomware Victims Report","year":"2020","unstructured":"Cloudian. 2020. 2021 Ransomware Victims Report. Technical Report. Cloudian."},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.4324\/9780203771587"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2018.05.037"},{"key":"e_1_3_2_24_2","volume-title":"Conference on Digital Forensics, Security and Law","author":"Datar Tejashree D.","year":"2014","unstructured":"Tejashree D. Datar, Kelly A Cole, and Marcus K. Rogers. 2014. Awareness of scam e-mails: An exploratory research study. In Conference on Digital Forensics, Security and Law. Association of Digital Forensics Security and Law."},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1080\/01611194.2019.1623343"},{"key":"e_1_3_2_26_2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1145\/1299015.1299019","volume-title":"Anti-phishing Working Groups 2nd Annual Ecrime Researchers Summit","author":"Downs Julie S.","year":"2007","unstructured":"Julie S. Downs, Mandy Holbrook, and Lorrie Faith Cranor. 2007. Behavioral response to phishing risk. In Anti-phishing Working Groups 2nd Annual Ecrime Researchers Summit. 37\u201344."},{"key":"e_1_3_2_27_2","unstructured":"Empatica. 2022. Emparica E4. Retrieved from https:\/\/www.empatica.com\/research\/e4\/."},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2017.09.007"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/PL00005481"},{"key":"e_1_3_2_30_2","first-page":"36","volume-title":"International Conference on Human Aspects of Information Security, Privacy, and Trust","author":"Ferreira Ana","year":"2015","unstructured":"Ana Ferreira, Lynne Coventry, and Gabriele Lenzini. 2015. Principles of persuasion in social engineering and their use in phishing. In International Conference on Human Aspects of Information Security, Privacy, and Trust. Springer, 36\u201347."},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jesp.2008.04.010"},{"key":"e_1_3_2_32_2","volume-title":"Who Bites the Hook? Investigating Employees\u2019 Susceptibility to Phishing: A Randomized Field Experiment","author":"Franz Anjuli","year":"2021","unstructured":"Anjuli Franz, Evgheni Croitor, et\u00a0al. 2021. Who Bites the Hook? Investigating Employees\u2019 Susceptibility to Phishing: A Randomized Field Experiment. Technical Report. Darmstadt Technical University, Department of Business Administration."},{"key":"e_1_3_2_33_2","first-page":"339","volume-title":"17th Symposium on Usable Privacy and Security (SOUPS\u201921)","author":"Franz Anjuli","year":"2021","unstructured":"Anjuli Franz, Verena Zimmermann, Gregor Albrecht, Katrin Hartwig, Christian Reuter, Alexander Benlian, and Joachim Vogt. 2021. SoK: Still plenty of phish in the sea\u2014A taxonomy of user-oriented phishing interventions and avenues for future research. In 17th Symposium on Usable Privacy and Security (SOUPS\u201921). 339\u2013358."},{"issue":"1","key":"e_1_3_2_34_2","first-page":"2","article-title":"Got phished? Internet security and human vulnerability","volume":"18","author":"Goel Sanjay","year":"2017","unstructured":"Sanjay Goel, Kevin Williams, and Ersin Dincelli. 2017. Got phished? Internet security and human vulnerability. J. Assoc. Inf. Syst. 18, 1 (2017), 2.","journal-title":"J. Assoc. Inf. Syst."},{"issue":"3","key":"e_1_3_2_35_2","first-page":"e190393\u2013e190393","article-title":"Assessment of employee susceptibility to phishing attacks at US health care institutions","volume":"2","author":"Gordon William J.","year":"2019","unstructured":"William J. Gordon, Adam Wright, Ranjit Aiyagari, Leslie Corbo, Robert J. Glynn, Jigar Kadakia, Jack Kufahl, Christina Mazzone, James Noga, Mark Parkulo, et\u00a0al. 2019. Assessment of employee susceptibility to phishing attacks at US health care institutions. JAMA Netw. Open 2, 3 (2019), e190393\u2013e190393.","journal-title":"JAMA Netw. Open"},{"key":"e_1_3_2_36_2","first-page":"1","article-title":"A multi-level defense against social engineering","volume":"13","author":"Gragg David","year":"2003","unstructured":"David Gragg. 2003. A multi-level defense against social engineering. SANS Read. Room 13 (2003), 1\u201321.","journal-title":"SANS Read. Room"},{"issue":"12","key":"e_1_3_2_37_2","doi-asserted-by":"crossref","first-page":"1371","DOI":"10.1080\/01639625.2016.1254980","article-title":"Capable guardians in the digital environment: The role of digital literacy in reducing phishing victimization","volume":"38","author":"Graham Roderick","year":"2017","unstructured":"Roderick Graham and Ruth Triplett. 2017. Capable guardians in the digital environment: The role of digital literacy in reducing phishing victimization. Dev. Behav. 38, 12 (2017), 1371\u20131382.","journal-title":"Dev. Behav."},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3461672"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1093\/geronb\/gbaa228"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.3758\/s13428-020-01495-0"},{"key":"e_1_3_2_41_2","doi-asserted-by":"crossref","DOI":"10.1108\/17410401011052869","article-title":"The effect of stress and satisfaction on productivity","author":"Halkos George","year":"2010","unstructured":"George Halkos and Dimitrios Bousinakis. 2010. The effect of stress and satisfaction on productivity. Int. J. Product. Perform. Manag. (2010).","journal-title":"Int. J. Product. Perform. Manag."},{"key":"e_1_3_2_42_2","doi-asserted-by":"crossref","DOI":"10.1108\/OIR-04-2015-0106","article-title":"Individual processing of phishing emails","author":"Harrison Brynne","year":"2016","unstructured":"Brynne Harrison, Elena Svetieva, and Arun Vishwanath. 2016. Individual processing of phishing emails. Online Inf. Rev. (2016).","journal-title":"Online Inf. Rev."},{"key":"e_1_3_2_43_2","first-page":"3483","volume-title":"48th Hawaii International Conference on System Sciences","author":"Harrison Brynne","year":"2015","unstructured":"Brynne Harrison, Arun Vishwanath, Yu Jie Ng, and Raghav Rao. 2015. Examining the impact of presence on individual phishing victimization. In 48th Hawaii International Conference on System Sciences. IEEE, 3483\u20133489."},{"key":"e_1_3_2_44_2","first-page":"357","volume-title":"IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations","author":"Holm Hannes","year":"2014","unstructured":"Hannes Holm, Waldo Rocha Flores, Marcus Nohlberg, and Mathias Ekstedt. 2014. An empirical investigation of the effect of target-related information in phishing attacks. In IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations. IEEE, 357\u2013363."},{"key":"e_1_3_2_45_2","first-page":"1","article-title":"Phishing: Message appraisal and the exploration of fear and self-confidence","author":"House Deanna","year":"2019","unstructured":"Deanna House and M. K. Raja. 2019. Phishing: Message appraisal and the exploration of fear and self-confidence. Behav. Inf. Technol. (2019), 1\u201321.","journal-title":"Behav. Inf. Technol."},{"issue":"3","key":"e_1_3_2_46_2","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1006\/jevp.2001.0222","article-title":"Effects of noise, heat and indoor lighting on cognitive performance and self-reported affect","volume":"21","author":"Hygge Staffan","year":"2001","unstructured":"Staffan Hygge and Igor Knez. 2001. Effects of noise, heat and indoor lighting on cognitive performance and self-reported affect. J. Environ. Psychol. 21, 3 (2001), 291\u2013299.","journal-title":"J. Environ. Psychol."},{"issue":"4","key":"e_1_3_2_47_2","first-page":"468","article-title":"Impact of stress on employee productivity, performance and turnover; an important managerial issue","volume":"5","author":"Imtiaz Subha","year":"2009","unstructured":"Subha Imtiaz and Shakil Ahmad. 2009. Impact of stress on employee productivity, performance and turnover; an important managerial issue. Int. Rev. Bus. Res. Pap. 5, 4 (2009), 468\u2013477.","journal-title":"Int. Rev. Bus. Res. Pap."},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.2196\/16775"},{"issue":"1","key":"e_1_3_2_49_2","first-page":"1","article-title":"Don\u2019t click: Towards an effective anti-phishing training. A comparative literature review","volume":"10","author":"Jampen Daniel","year":"2020","unstructured":"Daniel Jampen, G\u00fcrkan G\u00fcr, Thomas Sutter, and Bernhard Tellenbach. 2020. Don\u2019t click: Towards an effective anti-phishing training. A comparative literature review. Hum.-centr. Comput. Inf. Sci. 10, 1 (2020), 1\u201341.","journal-title":"Hum.-centr. Comput. Inf. Sci."},{"key":"e_1_3_2_50_2","doi-asserted-by":"crossref","DOI":"10.1108\/ICS-03-2018-0038","article-title":"Persuading end-users to act cautiously online: A fear appeals study on phishing","author":"Jansen Jurjen","year":"2018","unstructured":"Jurjen Jansen and Paul Van Schaik. 2018. Persuading end-users to act cautiously online: A fear appeals study on phishing. Inf. Comput. Secur. (2018).","journal-title":"Inf. Comput. Secur."},{"key":"e_1_3_2_51_2","article-title":"Falling for phishing: An empirical investigation into people\u2019s email response behaviors","author":"Jayatilaka Asangi","year":"2021","unstructured":"Asangi Jayatilaka, Nalin Asanka Gamagedara Arachchilage, and Muhammad Ali Babar. 2021. Falling for phishing: An empirical investigation into people\u2019s email response behaviors. arXiv preprint arXiv:2108.04766 (2021).","journal-title":"arXiv preprint arXiv:2108.04766"},{"issue":"1999","key":"e_1_3_2_52_2","first-page":"102","article-title":"The big five trait taxonomy: History, measurement, and theoretical perspectives","volume":"2","author":"John Oliver P.","year":"1999","unstructured":"Oliver P. John, Sanjay Srivastava, et\u00a0al. 1999. The big five trait taxonomy: History, measurement, and theoretical perspectives. Handb. Personal. Theor. Res. 2, 1999 (1999), 102\u2013138.","journal-title":"Handb. Personal. Theor. Res."},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2012.06.031"},{"key":"e_1_3_2_54_2","volume-title":"Thinking, Fast and Slow","author":"Kahneman Daniel","year":"2011","unstructured":"Daniel Kahneman. 2011. Thinking, Fast and Slow. Farrar, Straus and Giroux, New York."},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-9280.2007.01948.x"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.2308\/jis.2010.24.2.79"},{"issue":"2","key":"e_1_3_2_57_2","first-page":"179","article-title":"The eustress concept: Problems and outlooks","volume":"11","author":"Kupriyanov Roman","year":"2014","unstructured":"Roman Kupriyanov and Renad Zhdanov. 2014. The eustress concept: Problems and outlooks. World J. Med. Sci. 11, 2 (2014), 179\u2013185.","journal-title":"World J. Med. Sci."},{"key":"e_1_3_2_58_2","article-title":"Phishing in organizations: Findings from a large-scale and long-term study","author":"Lain Daniele","year":"2021","unstructured":"Daniele Lain, Kari Kostiainen, and Srdjan Capkun. 2021. Phishing in organizations: Findings from a large-scale and long-term study. arXiv preprint arXiv:2112.07498 (2021).","journal-title":"arXiv preprint arXiv:2112.07498"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2020.103084"},{"key":"e_1_3_2_60_2","article-title":"Eustress, distress, and interpretation in occupational stress","author":"Fevre Mark Le","year":"2003","unstructured":"Mark Le Fevre, Jonathan Matheny, and Gregory S. Kolt. 2003. Eustress, distress, and interpretation in occupational stress. J. Manager. Psychol. (2003).","journal-title":"J. Manager. Psychol."},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3336141"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1111\/1469-8986.3750614"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1177\/1557234X11410385"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2012.12.003"},{"key":"e_1_3_2_65_2","first-page":"1","volume-title":"1st International Conference on Anti-cybercrime (ICACC)","author":"Manasrah Ahmed","year":"2015","unstructured":"Ahmed Manasrah, Mohammed Akour, and Emad Alsukhni. 2015. Toward improving university students awareness of spam email and cybercrime: Case study of Jordan. In 1st International Conference on Anti-cybercrime (ICACC). IEEE, 1\u20136."},{"issue":"2","key":"e_1_3_2_66_2","article-title":"Does mind wandering reflect executive function or executive failure? Comment on Smallwood and Schooler (2006) and Watkins (2008).","volume":"136","author":"McVay Jennifer C.","year":"2010","unstructured":"Jennifer C. McVay and Michael J. Kane. 2010. Does mind wandering reflect executive function or executive failure? Comment on Smallwood and Schooler (2006) and Watkins (2008). Psychol. Bull. 136, 2 (2010).","journal-title":"Psychol. Bull."},{"key":"e_1_3_2_67_2","first-page":"249","volume-title":"International Conference on Innovations in Information Technology (IIT)","author":"Mohebzada Jamshaid G.","year":"2012","unstructured":"Jamshaid G. Mohebzada, Ahmed El Zarka, Arsalan H. B. Hojani, and Ali Darwish. 2012. Phishing in a university community: Two large scale phishing experiments. In International Conference on Innovations in Information Technology (IIT). IEEE, 249\u2013254."},{"key":"e_1_3_2_68_2","first-page":"173","volume-title":"Proceedings of the Human Factors and Ergonomics Society Annual Meeting","volume":"63","author":"Molinaro Kylie A.","year":"2019","unstructured":"Kylie A. Molinaro and Matthew L. Bolton. 2019. Using the lens model and cognitive continuum theory to understand the effects of cognition on phishing victimization. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 63. SAGE Publications Sage CA, Los Angeles, CA, 173\u2013177."},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1016\/S1364-6613(03)00028-7"},{"key":"e_1_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2018.12.036"},{"issue":"3","key":"e_1_3_2_71_2","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1007\/s11896-019-09334-5","article-title":"The psychology of internet fraud victimisation: A systematic review","volume":"34","author":"Norris Gareth","year":"2019","unstructured":"Gareth Norris, Alexandra Brookes, and David Dowell. 2019. The psychology of internet fraud victimisation: A systematic review. J. Police Crimin. Psychol. 34, 3 (2019), 231\u2013245.","journal-title":"J. Police Crimin. Psychol."},{"key":"e_1_3_2_72_2","first-page":"361","volume-title":"29th USENIX Security Symposium","author":"Oest Adam","year":"2020","unstructured":"Adam Oest, Penghui Zhang, Brad Wardman, Eric Nunes, Jakub Burgis, Ali Zand, Kurt Thomas, Adam Doup\u00e9, and Gail-Joon Ahn. 2020. Sunrise to sunset: Analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In 29th USENIX Security Symposium. 361\u2013377."},{"key":"e_1_3_2_73_2","article-title":"Do users focus on the correct cues to differentiate between phishing and genuine emails?","author":"Parsons Kathryn","year":"2016","unstructured":"Kathryn Parsons, Marcus Butavicius, Malcolm Pattinson, Dragana Calic, Agata Mccormac, and Cate Jerram. 2016. Do users focus on the correct cues to differentiate between phishing and genuine emails? arXiv preprint arXiv:1605.04717 (2016).","journal-title":"arXiv preprint arXiv:1605.04717"},{"key":"e_1_3_2_74_2","first-page":"366","volume-title":"IFIP International Information Security Conference","author":"Parsons Kathryn","year":"2013","unstructured":"Kathryn Parsons, Agata McCormac, Malcolm Pattinson, Marcus Butavicius, and Cate Jerram. 2013. Phishing for the truth: A scenario-based experiment of users\u2019 behavioural response to emails. In IFIP International Information Security Conference. Springer, 366\u2013378."},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1108\/09685221211219173"},{"key":"e_1_3_2_76_2","first-page":"659","volume-title":"IEEE International Conference on Systems, Man, and Cybernetics (SMC)","author":"Pearson Ed","year":"2017","unstructured":"Ed Pearson, Cindy L. Bethel, Andrew F. Jarosz, and Mitchell E. Berman. 2017. \u201cTo click or not to click is the question\u201d: Fraudulent URL identification accuracy in a community sample. In IEEE International Conference on Systems, Man, and Cybernetics (SMC). IEEE, 659\u2013664."},{"key":"e_1_3_2_77_2","doi-asserted-by":"publisher","DOI":"10.1177\/0735633117699232"},{"key":"e_1_3_2_78_2","first-page":"1","volume-title":"CHI Conference on Human Factors in Computing Systems","author":"Petelka Justin","year":"2019","unstructured":"Justin Petelka, Yixin Zou, and Florian Schaub. 2019. Put your warning where your link is: Improving and evaluating email phishing warnings. In CHI Conference on Human Factors in Computing Systems. 1\u201315."},{"key":"e_1_3_2_79_2","first-page":"101766","article-title":"The impact of formal and informal organizational norms on susceptibility to phishing: Combining survey and field experiment data","author":"Petri\u010d Gregor","year":"2021","unstructured":"Gregor Petri\u010d and Kai Roer. 2021. The impact of formal and informal organizational norms on susceptibility to phishing: Combining survey and field experiment data. Telem. Inform. (2021), 101766.","journal-title":"Telem. Inform."},{"key":"e_1_3_2_80_2","first-page":"277","volume-title":"International Conference on Human-Computer Interaction","author":"Pfeffel Kevin","year":"2019","unstructured":"Kevin Pfeffel, Philipp Ulsamer, and Nicholas H. M\u00fcller. 2019. Where the user does look when reading phishing mails\u2013an eye-tracking study. In International Conference on Human-Computer Interaction. Springer, 277\u2013287."},{"key":"e_1_3_2_81_2","unstructured":"Polar. 2022. Polar OH1 - Optical Heart Rate Sensor. Retrieved from https:\/\/www.polar.com\/au-en\/products\/accessories\/oh1-optical-heart-rate-sensor."},{"key":"e_1_3_2_82_2","first-page":"1","volume-title":"CHI Conference on Human Factors in Computing Systems","author":"Redmiles Elissa M.","year":"2018","unstructured":"Elissa M. Redmiles, Neha Chachra, and Brian Waismeyer. 2018. Examining the demand for spam: Who clicks? In CHI Conference on Human Factors in Computing Systems. 1\u201310."},{"key":"e_1_3_2_83_2","unstructured":"Emils Rozentals. 2021. Email load and stress impact on susceptibility to phishing and scam emails."},{"issue":"5","key":"e_1_3_2_84_2","doi-asserted-by":"crossref","first-page":"704","DOI":"10.1177\/0018720819855570","article-title":"Which phish is on the hook? Phishing vulnerability for older versus younger adults","volume":"62","author":"Sarno Dawn M.","year":"2020","unstructured":"Dawn M. Sarno, Joanna E. Lewis, Corey J. Bohil, and Mark B. Neider. 2020. Which phish is on the hook? Phishing vulnerability for older versus younger adults. Hum. Fact. 62, 5 (2020), 704\u2013717.","journal-title":"Hum. Fact."},{"key":"e_1_3_2_85_2","first-page":"1735","volume-title":"Proceedings of the Human Factors and Ergonomics Society Annual Meeting","volume":"61","author":"Sarno Dawn M.","year":"2017","unstructured":"Dawn M. Sarno, Joanna E. Lewis, Corey J. Bohil, Mindy K. Shoss, and Mark B. Neider. 2017. Who are phishers luring?: A demographic analysis of those susceptible to fake emails. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting, Vol. 61. SAGE Publications Sage CA, Los Angeles, CA, 1735\u20131739."},{"key":"e_1_3_2_86_2","article-title":"So many phish, so little time: Exploring email task factors and phishing susceptibility","author":"Sarno Dawn M.","year":"2021","unstructured":"Dawn M. Sarno and Mark B. Neider. 2021. So many phish, so little time: Exploring email task factors and phishing susceptibility. Hum. Fact. (2021).","journal-title":"Hum. Fact."},{"key":"e_1_3_2_87_2","doi-asserted-by":"crossref","first-page":"373","DOI":"10.1145\/1753326.1753383","volume-title":"SIGCHI Conference on Human Factors in Computing Systems","author":"Sheng Steve","year":"2010","unstructured":"Steve Sheng, Mandy Holbrook, Ponnurangam Kumaraguru, Lorrie Faith Cranor, and Julie Downs. 2010. Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. In SIGCHI Conference on Human Factors in Computing Systems. 373\u2013382."},{"issue":"2","key":"e_1_3_2_88_2","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1037\/a0014855","article-title":"Shifting moods, wandering minds: Negative moods lead the mind to wander.","volume":"9","author":"Smallwood Jonathan","year":"2009","unstructured":"Jonathan Smallwood, Annamay Fitzgerald, Lynden K. Miles, and Louise H. Phillips. 2009. Shifting moods, wandering minds: Negative moods lead the mind to wander. Emotion 9, 2 (2009), 271.","journal-title":"Emotion"},{"key":"e_1_3_2_89_2","first-page":"1","volume-title":"APWG Symposium on Electronic Crime Research (eCrime)","author":"Sommestad Teodor","year":"2019","unstructured":"Teodor Sommestad and Henrik Karlz\u00e9n. 2019. A meta-analysis of field experiments on phishing susceptibility. In APWG Symposium on Electronic Crime Research (eCrime). IEEE, 1\u201314."},{"key":"e_1_3_2_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/1897852.1897872"},{"key":"e_1_3_2_91_2","doi-asserted-by":"publisher","DOI":"10.4300\/JGME-D-12-00156.1"},{"key":"e_1_3_2_92_2","first-page":"564","volume-title":"IFIP Conference on Human-computer Interaction","author":"Taib Ronnie","year":"2019","unstructured":"Ronnie Taib, Kun Yu, Shlomo Berkovsky, Mark Wiggins, and Piers Bayl-Smith. 2019. Social engineering and organisational dependencies in phishing attacks. In IFIP Conference on Human-computer Interaction. Springer, 564\u2013584."},{"issue":"1","key":"e_1_3_2_93_2","first-page":"1","article-title":"Effects of sad and happy music on mind-wandering and the default mode network","volume":"7","author":"Taruffi Liila","year":"2017","unstructured":"Liila Taruffi, Corinna Pehrs, Stavros Skouras, and Stefan Koelsch. 2017. Effects of sad and happy music on mind-wandering and the default mode network. Sci. Rep. 7, 1 (2017), 1\u201310.","journal-title":"Sci. Rep."},{"key":"e_1_3_2_94_2","volume-title":"14th Pre-ICIS Workshop on Information Security and Privacy","author":"Tian Chuan Annie","year":"2019","unstructured":"Chuan Annie Tian and Matthew L. Jensen. 2019. Effects of emotional appeals on phishing susceptibility. In 14th Pre-ICIS Workshop on Information Security and Privacy."},{"key":"e_1_3_2_95_2","doi-asserted-by":"crossref","first-page":"564","DOI":"10.1007\/978-3-030-40690-5_54","volume-title":"International Conference on Information Technology & Systems","author":"Tjostheim Ingvar","year":"2020","unstructured":"Ingvar Tjostheim and John A. Waterworth. 2020. Predicting personal susceptibility to phishing. In International Conference on Information Technology & Systems. Springer, 564\u2013575."},{"key":"e_1_3_2_96_2","volume-title":"The Individual Differences in Cue Utilisation, Decision Making, and Time Pressure on Phishing Susceptibility","author":"Valenzuela Chelsea","year":"2021","unstructured":"Chelsea Valenzuela. 2021. The Individual Differences in Cue Utilisation, Decision Making, and Time Pressure on Phishing Susceptibility. Ph. D. Dissertation."},{"issue":"8","key":"e_1_3_2_97_2","doi-asserted-by":"crossref","first-page":"1569","DOI":"10.1007\/s40279-016-0672-0","article-title":"The effects of mental fatigue on physical performance: A systematic review","volume":"47","author":"Cutsem Jeroen Van","year":"2017","unstructured":"Jeroen Van Cutsem, Samuele Marcora, Kevin De Pauw, Stephen Bailey, Romain Meeusen, and Bart Roelands. 2017. The effects of mental fatigue on physical performance: A systematic review. Sports Med. 47, 8 (2017), 1569\u20131588.","journal-title":"Sports Med."},{"issue":"8","key":"e_1_3_2_98_2","doi-asserted-by":"crossref","first-page":"1146","DOI":"10.1177\/0093650215627483","article-title":"Suspicion, cognition, and automaticity model of phishing susceptibility","volume":"45","author":"Vishwanath Arun","year":"2018","unstructured":"Arun Vishwanath, Brynne Harrison, and Yu Jie Ng. 2018. Suspicion, cognition, and automaticity model of phishing susceptibility. Commun. Res. 45, 8 (2018), 1146\u20131166.","journal-title":"Commun. Res."},{"key":"e_1_3_2_99_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2011.03.002"},{"issue":"11","key":"e_1_3_2_100_2","first-page":"1","article-title":"Overconfidence in phishing email detection","volume":"17","author":"Wang Jingguo","year":"2016","unstructured":"Jingguo Wang, Yuan Li, and H. Raghav Rao. 2016. Overconfidence in phishing email detection. J. Assoc. Inf. Syst. 17, 11 (2016), 1.","journal-title":"J. Assoc. Inf. Syst."},{"key":"e_1_3_2_101_2","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2016.0680"},{"key":"e_1_3_2_102_2","doi-asserted-by":"publisher","DOI":"10.1145\/3415231"},{"key":"e_1_3_2_103_2","doi-asserted-by":"publisher","DOI":"10.4018\/IJCBPL.2015100101"},{"key":"e_1_3_2_104_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2018.06.004"},{"key":"e_1_3_2_105_2","doi-asserted-by":"publisher","DOI":"10.1080\/0144929X.2018.1519599"},{"key":"e_1_3_2_106_2","doi-asserted-by":"publisher","DOI":"10.1080\/03637759209376276"},{"issue":"2","key":"e_1_3_2_107_2","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1287\/isre.2014.0522","article-title":"Research note-influence techniques in phishing attacks: An examination of vulnerability and resistance","volume":"25","author":"Wright Ryan T.","year":"2014","unstructured":"Ryan T. Wright, Matthew L. Jensen, Jason Bennett Thatcher, Michael Dinger, and Kent Marett. 2014. Research note-influence techniques in phishing attacks: An examination of vulnerability and resistance. Inf. Syst. Res. 25, 2 (2014), 385\u2013400.","journal-title":"Inf. Syst. Res."},{"key":"e_1_3_2_108_2","first-page":"765","volume-title":"Human Factors and Ergonomics Society Annual Meeting","author":"Zielinska Olga A.","year":"2016","unstructured":"Olga A. Zielinska, Allaire K. Welk, Christopher B. Mayhorn, and Emerson Murphy-Hill. 2016. A temporal analysis of persuasion principles in phishing emails. In Human Factors and Ergonomics Society Annual Meeting. 765\u2013769."},{"key":"e_1_3_2_109_2","volume-title":"Human Behavior and the Principle of Least Effort: An Introduction to Human Ecology","author":"Zipf George Kingsley","year":"2016","unstructured":"George Kingsley Zipf. 2016. Human Behavior and the Principle of Least Effort: An Introduction to Human Ecology. Ravenio Books."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3575797","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3575797","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:51:21Z","timestamp":1750182681000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3575797"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,4,14]]},"references-count":108,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2023,8,30]]}},"alternative-id":["10.1145\/3575797"],"URL":"https:\/\/doi.org\/10.1145\/3575797","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,4,14]]},"assertion":[{"value":"2022-03-27","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-11-28","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-04-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}