English

SoK: Human-Centered Phishing Susceptibility

Cryptography and Security 2022-02-17 v1 Computers and Society Human-Computer Interaction

Abstract

Phishing is recognised as a serious threat to organisations and individuals. While there have been significant technical advances in blocking phishing attacks, people remain the last line of defence after phishing emails reach their email client. Most of the existing literature on this subject has focused on the technical aspects related to phishing. However, the factors that cause humans to be susceptible to phishing attacks are still not well-understood. To fill this gap, we reviewed the available literature and we propose a three-stage Phishing Susceptibility Model (PSM) for explaining how humans are involved in phishing detection and prevention, and we systematically investigate the phishing susceptibility variables studied in the literature and taxonomize them using our model. This model reveals several research gaps that need to be addressed to improve users' detection performance. We also propose a practical impact assessment of the value of studying the phishing susceptibility variables, and quality of evidence criteria. These can serve as guidelines for future research to improve experiment design, result quality, and increase the reliability and generalizability of findings.

Keywords

Cite

@article{arxiv.2202.07905,
  title  = {SoK: Human-Centered Phishing Susceptibility},
  author = {Sijie Zhuo and Robert Biddle and Yun Sing Koh and Danielle Lottridge and Giovanni Russello},
  journal= {arXiv preprint arXiv:2202.07905},
  year   = {2022}
}

Comments

13 pages of content, 2 figures, 18 pages in total

R2 v1 2026-06-24T09:40:25.767Z