Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails?
This research addresses the problem of improving email security training for users by identifying mismatches between actual and perceived phishing cues.
The study investigated the cues that distinguish phishing from genuine emails, finding that participants often rely on ineffective indicators like legal disclaimers and visual quality, while effective cues include message consistency and sender legitimacy.
This paper examines the cues that typically differentiate phishing emails from genuine emails. The research is conducted in two stages. In the first stage, we identify the cues that actually differentiate between phishing and genuine emails. These are the consistency and personalisation of the message, the perceived legitimacy of links and sender, and the presence of spelling or grammatical irregularities. In the second stage, we identify the cues that participants use to differentiate between phishing and genuine emails. This revealed that participants often use cues that are not good indicators of whether an email is phishing or genuine. This includes the presence of legal disclaimers, the quality of visual presentation, and the positive consequences emphasised in the email. This study has implications for education and training and provides a basis for the design and development of targeted and more relevant training and risk communication strategies.