TY - JOUR
T1 - Phishing suspiciousness in older and younger adults
T2 - The role of executive functioning
AU - Gavett, Brandon E.
AU - Zhao, Rui
AU - John, Samantha E.
AU - Bussell, Cara A.
AU - Roberts, Jennifer R.
AU - Yue, Chuan
N1 - Publisher Copyright:
© 2017 Gavett et al. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
PY - 2017/2
Y1 - 2017/2
N2 - Phishing is the spoofing of Internet websites or emails aimed at tricking users into entering sensitive information, with such goals as financial or identity theft. The current study sought to determine whether age is associated with increased susceptibility to phishing and whether tests of executive functioning can predict phishing susceptibility. A total of 193 cognitively intact participants, 91 younger adults and 102 older adults, were primarily recruited through a Psychology department undergraduate subject pool and a gerontology research registry, respectively. The Executive Functions Module from the Neuropsychological Assessment Battery and the Iowa Gambling Task were the primary cognitive predictors of reported phishing suspiciousness. Other predictors included age group (older vs. younger), sex, education, race, ethnicity, prior knowledge of phishing, prior susceptibility to phishing, and whether or not browsing behaviors were reportedly different in the laboratory setting versus at home. A logistic regression, which accounted for a 22.7% reduction in error variance compared to the null model and predicted phishing suspiciousness with 73.1% (95% CI [66.0, 80.3]) accuracy, revealed three statistically significant predictors: the main effect of education (b = 0.58, SE = 0.27) and the interactions of age group with prior awareness of phishing (b = 2.31, SE = 1.12) and performance on the Neuropsychological Assessment Battery Mazes test (b = 0.16, SE = 0.07). Whether or not older adults reported being suspicious of the phishing attacks used in this study was partially explained by educational history and prior phishing knowledge. This suggests that simple educational interventions may be effective in reducing phishing vulnerability. Although one test of executive functioning was found useful for identifying those at risk of phishing susceptibility, four tests were not found to be useful; these results speak to the need for more ecologically valid tools in clinical neuropsychology.
AB - Phishing is the spoofing of Internet websites or emails aimed at tricking users into entering sensitive information, with such goals as financial or identity theft. The current study sought to determine whether age is associated with increased susceptibility to phishing and whether tests of executive functioning can predict phishing susceptibility. A total of 193 cognitively intact participants, 91 younger adults and 102 older adults, were primarily recruited through a Psychology department undergraduate subject pool and a gerontology research registry, respectively. The Executive Functions Module from the Neuropsychological Assessment Battery and the Iowa Gambling Task were the primary cognitive predictors of reported phishing suspiciousness. Other predictors included age group (older vs. younger), sex, education, race, ethnicity, prior knowledge of phishing, prior susceptibility to phishing, and whether or not browsing behaviors were reportedly different in the laboratory setting versus at home. A logistic regression, which accounted for a 22.7% reduction in error variance compared to the null model and predicted phishing suspiciousness with 73.1% (95% CI [66.0, 80.3]) accuracy, revealed three statistically significant predictors: the main effect of education (b = 0.58, SE = 0.27) and the interactions of age group with prior awareness of phishing (b = 2.31, SE = 1.12) and performance on the Neuropsychological Assessment Battery Mazes test (b = 0.16, SE = 0.07). Whether or not older adults reported being suspicious of the phishing attacks used in this study was partially explained by educational history and prior phishing knowledge. This suggests that simple educational interventions may be effective in reducing phishing vulnerability. Although one test of executive functioning was found useful for identifying those at risk of phishing susceptibility, four tests were not found to be useful; these results speak to the need for more ecologically valid tools in clinical neuropsychology.
UR - http://www.scopus.com/inward/record.url?scp=85011357410&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85011357410&partnerID=8YFLogxK
U2 - 10.1371/journal.pone.0171620
DO - 10.1371/journal.pone.0171620
M3 - Article
C2 - 28158316
AN - SCOPUS:85011357410
VL - 12
JO - PLoS One
JF - PLoS One
SN - 1932-6203
IS - 2
M1 - e0171620
ER -