@article{lawson_pearson_crowson_mayhorn_2020, title={Email phishing and signal detection: How persuasion principles and personality influence response patterns and accuracy}, volume={86}, ISSN={["1872-9126"]}, DOI={10.1016/j.apergo.2020.103084}, abstractNote={Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research in a real-world setting has shown an interaction between the personality of the target and the persuasion principle used. This study investigated whether this interaction is present in the realm of email phishing. Additionally, a signal detection theory framework was used to evaluate how the various persuasion principles influence accuracy, sensitivity (d'), and response criterion placement. A personality inventory and an email identification task (phishing or legitimate) were used. These data support previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. The various persuasions principles elicited diverse response criterions and sensitivities, though all investigated persuasion principles resulted in a liberal decision criterion, except one. These findings are interpreted and discussed.}, journal={APPLIED ERGONOMICS}, publisher={Elsevier BV}, author={Lawson, Patrick and Pearson, Carl J. and Crowson, Aaron and Mayhorn, Christopher B.}, year={2020}, month={Jul} } @article{lawson_crowson_mayhorn_2019, title={Baiting the Hook: Exploring the Interaction of Personality and Persuasion Tactics in Email Phishing Attacks}, volume={822}, ISBN={["978-3-319-96076-0"]}, ISSN={["2194-5365"]}, DOI={10.1007/978-3-319-96077-7_42}, abstractNote={Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used to generate non-electronic messages. This study investigates whether this interaction is present in the realm of email phishing. To investigate this, we used a personality inventory and an email identification task (phishing or legitimate). Our data confirms previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. However, extraversion was also found to be associated with increased susceptibility to phishing emails that utilize specific persuasion principles such as liking. Findings are discussed in terms of potential approaches to anti-phishing interventions within organizations.}, journal={PROCEEDINGS OF THE 20TH CONGRESS OF THE INTERNATIONAL ERGONOMICS ASSOCIATION (IEA 2018), VOL V: HUMAN SIMULATION AND VIRTUAL ENVIRONMENTS, WORK WITH COMPUTING SYSTEMS (WWCS), PROCESS CONTROL}, author={Lawson, Patrick A. and Crowson, Aaron D. and Mayhorn, Christopher B.}, year={2019}, pages={401–406} }