Phishing attempts among the dark triad: Patterns of attack and vulnerability

Citation metadata

Publisher: Elsevier B.V.
Document Type: Report
Length: 322 words

Document controls

Main content

Abstract :

Keywords Phishing; Deception; Human behavior; Personality; Dark triad Highlights * We investigate the relationship between personality, phishing effort, and success. * Three traits are: Machiavellianism, narcissism, and psychopathy (dark triad). * Attackers high in Machiavellianism were more likely to put more phishing effort. * High end-user narcissism was related to greater susceptibility to phishing emails. * End-user narcissists were susceptible to emails from narcissist attackers. Abstract Phishing attacks are more common and more sophisticated than other forms of social engineering attacks. This study presents an investigation of the relationships between three personality traits--Machiavellianism, narcissism, and psychopathy (i.e., the Dark Triad)--and phishing effort, attack success, and end-user susceptibility to phishing emails. Participants were recruited in two stages. The first set of participants acted as attackers, creating phishing emails. The second set of participants acted as end-users, reading both benevolent and phishing emails and indicating their likely behavioral response to each email. Our findings suggest that attackers' Dark Triad scores relate to the effort that they put in writing a phishing email, but do not predict phishing success. Instead, it is the end-users' Dark Triad scores that predict the success of phishing emails. We found that higher levels of attacker Machiavellianism were linked to increased phishing effort, while end-user narcissism was associated to greater vulnerability when receiving phishing emails. Furthermore, our findings suggest that narcissistic end-users were marginally more susceptible to phishing emails that originated from narcissistic attackers. These results have important practical implications for training, anti-phishing tool development, and policy in organizations. Author Affiliation: (a) University of Texas at El Paso, El Paso, USA (b) Carnegie Mellon University, Pittsburgh, PA, 15213, USA * Corresponding author. Social and Decision Sciences Department Carnegie Mellon University, 5000 Forbes Ave. Porter Hall 208 Pittsburgh, PA, 15213 USA.. Article History: Received 29 March 2018; Revised 23 May 2018; Accepted 28 May 2018 Byline: Shelby R. Curtis (a), Prashanth Rajivan (b), Daniel N. Jones (a), Cleotilde Gonzalez [https://www.cmu.edu/ddmlab] (b,*)

Source Citation

Source Citation   

Gale Document Number: GALE|A547050738