
To Click or Not to Click? Deciding to Trust or Distrust Phishing Emails

  • Conference paper
Decision Support Systems X: Cognitive Decision Support Systems and Technologies (ICDSST 2020)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 384)


Abstract

As email traffic grows around the world, recipients are often faced with questions such as: to click or not to click? Should I trust or should I distrust? When interacting with computers or digital artefacts, individuals try to replicate interpersonal trust and distrust mechanisms in order to calibrate their trust. Such mechanisms rely on the ways individuals interpret and understand information.

Technical information systems security solutions may reduce external and technical threats; yet both the academic literature and industry professionals warn of the risks associated with insider threats, those that come from inside the organization and are induced by legitimate users.

This article focuses on phishing emails as an unintentional insider threat. After a literature review on interpretation and knowledge management, insider threats and security, and trust and distrust, we present the methodology and experimental protocol used to conduct a study with 250 participants, in order to understand how they interpret phishing emails and decide to trust or distrust them. In this article, we discuss the preliminary results of this study and outline future work and directions.



Author information

Corresponding author

Correspondence to Pierre-Emmanuel Arduin.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Arduin, PE. (2020). To Click or Not to Click? Deciding to Trust or Distrust Phishing Emails. In: Moreno-Jiménez, J., Linden, I., Dargam, F., Jayawickrama, U. (eds) Decision Support Systems X: Cognitive Decision Support Systems and Technologies. ICDSST 2020. Lecture Notes in Business Information Processing, vol 384. Springer, Cham. https://doi.org/10.1007/978-3-030-46224-6_6


  • DOI: https://doi.org/10.1007/978-3-030-46224-6_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-46223-9

  • Online ISBN: 978-3-030-46224-6

  • eBook Packages: Computer Science, Computer Science (R0)
