Where Did They Go Right? Understanding the Deception in Phishing Communications

Group Decision and Negotiation

Abstract

Deceptive communication through phishing is becoming more pervasive with the spread of ubiquitous computing. Yet, phishing has not been widely understood or studied even though such practices cost organizations millions of dollars each year. This manuscript tests Grazioli’s Theory of Deception as an explanation for the process utilized to detect phishing attempts. In order to test the detection model, the paper phished 446 subjects for confidential information. The results consist of a structural model tested to determine experiential and dispositional characteristics of deception detectors. Subsequently, the authors interviewed the detectors and elicited a rich account of how the subjects processed and formed a correct behavioral decision upon receiving the phishing email. These interviews provided additional insight into the specific processes that successful deception detectors used upon receipt of a phishing email. The results from both the statistical testing and the interview data analysis confirmed and added to the Model of Deception Detection.

Author information

Correspondence to Ryan Wright.

Cite this article

Wright, R., Chakraborty, S., Basoglu, A. et al. Where Did They Go Right? Understanding the Deception in Phishing Communications. Group Decis Negot 19, 391–416 (2010). https://doi.org/10.1007/s10726-009-9167-9

  • DOI: https://doi.org/10.1007/s10726-009-9167-9
