Predicting personal susceptibility to phishing

Phishing is a con!dence trick with damaging impacts on both
individuals and society as a whole. In this paper, we examine the possible role of
thinking styles, as assessed by the Cognitive Reflection Test (CRT), and other
factors to predict personal susceptibility to phishes. We report the results of two AQ1 large-scale national studies conducted on cross-sectional populations in Norway.
Using a binary logistic regression method, we analyzed the relationship between CRT scores, willingness to share data and demographical variables, to suscep- tibility to comply with phishes. Our main !nding was that both an intuitive thinking style, as operationalized by the CRT scores, and willingness to share personal, signi!cantly predict the probability of falling for phishing. As these results are based on two large-scale studies of national populations, they can be expected to have greater validity than earlier studies. The !nding that CRT scores and other personal characteristics can predict the likelihood of falling for phishing suggests methods of pre-emptive testing of individuals as part of pri- vate and organizational strategies for encouraging improved resistance to phishing and other forms of personal data theft.