Exploring Susceptibility to Phishing: the Cognitive Reflection Test and Other Possible Predictors

Publication details

  • Journal: Proceedings of the Annual Hawaii International Conference on System Sciences (HICSS), vol. 57, p. 4754–4763, 2024
  • International Standard Numbers:
    • Printed: 1530-1605
    • Electronic: 2572-6862
  • Link:

The research objective of this study was to investigate factors contributing to phishing susceptibility, expanding on findings from previous studies. We report results based on five, large-scale surveys of national populations from which we collected data about cognitive strategies using the Cognitive Reflection Test (CRT), privacy attitudes, data disclosure behaviors, and demographic variables. We used binary logistic regression to analyze the relationship between these factors and susceptibility to phishing attacks. We found that willingness to share personal data and CRT scores significantly predicted phishing susceptibility. Younger people were somewhat more susceptible than older age-groups. as were males than females. Importantly, these findings suggest that phishing susceptibility is not simply a function of cognitive ability, but also of individual differences in privacy attitudes and data disclosure behaviors. Their credibility is enhanced by the use of five large-scale studies with national populations, unlike earlier studies primarily relying on smaller-scale student populations.