Employers now have a better picture of the characteristics that make people more susceptible to security breaches.
A new study that's scheduled to be presented at the upcoming International Human Factors and Ergonomics Society's annual meeting describes specific behavioral, cognitive and perceptual attributes of email users who are vulnerable to phishing attacks.
Specifically, the researchers found that women and people who are overconfident or introverted are less likely to accurately distinguish between legitimate and phishing emails. Phishing is the use of fraudulent email correspondence to obtain passwords and credit-card information, or to send viruses.
"The results showed a disconnect between confidence and actual skill, as the majority of participants were not only susceptible to attacks but also overconfident in their ability to protect themselves," said the study's author, Kyung Wha Hong, a North Carolina State University Ph.D. candidate.
As part of the study, participants were given a personality survey and then asked to scan through both legitimate and phishing emails. They were instructed to delete suspicious or spam emails, leave legitimate emails as is and mark emails that required actions or responses as "important."
Hong found that although 89 percent of the participants indicated they were confident in their ability to identify malicious emails, 92 percent misclassified phishing emails. In addition, 52 percent of participants misclassified more than half of the phishing emails, and 54 percent deleted at least one authentic email.
The results revealed that women were less likely than men to correctly label phishing emails, and subjects who self-reported as "less trusting, introverts or less open to new experiences" were more likely to delete legitimate emails.
Hong said she plans to continue developing a user profile that can predict when and with whom phishing attacks are likely to be successful, in order to design effective tools to prevent and combat them.