Understanding phishing email processing and perceived trustworthiness through eye tracking

McAlaney, J and Hills, P.J (2020) 'Understanding phishing email processing and perceived trustworthiness through eye tracking.' Frontiers in Psychology, 11. e1756. ISSN 1664-1078

15637.pdf - Published Version
CC BY 4.0.

Download (3MB) | Preview
Official URL: https://doi.org/10.3389/fpsyg.2020.01756


Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eye-tracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.

Item Type: Article
UN SDGs: Goal 16: Peace, Justice and Strong Institutions
Keywords: phishing, eye tracking, social engineering, cybersecurity, email
Divisions: School of Sciences
Identification Number: https://doi.org/10.3389/fpsyg.2020.01756
Date Deposited: 08 Aug 2023 15:54
Last Modified: 08 Aug 2023 15:54
URI / Page ID: https://researchspace.bathspa.ac.uk/id/eprint/15637
Request a change to this item or report an issue Request a change to this item or report an issue
Update item (repository staff only) Update item (repository staff only)