Cognitive Ability and Susceptibility to Phishing Scams

An Examination of the Relationship between Cognitive Ability and Susceptibility to Phishing Scams

Rose Shearstone. 2014

Phishing is the act of sending emails to target individuals from an illegitimate source, with the aim of gaining personal information (Furnell, 2007). Previous research has found individuals with higher intelligence to be less likely to become victims of these attacks (Lui et al., 2011). This research aimed to investigate the impact of an individual’s cognitive ability, a form of intelligence, on whether they are susceptible to phishing scams. Fifty participants performed a CRT (Cognitive Reflection Test), which assessed their reasoning and decision-making ability. This research was the first in the literature to send mock phishing scams to students with the aim of correlating responses with performance on the CRT. Students received one of two phishing emails: either a competition for their UCAS personal statement or an opportunity to be involved in a photo shoot for a magazine. Both asked for a reply and confirmation of their bank name. There was no relationship between the score on the CRT and the likelihood of participants responding. Lower CRT scores were not a predictor of participants responding to the UCAS email. The type of email sent produced a significant difference in the results: more responses were received from those who were sent the UCAS email than from those who were sent the magazine email. Previous research supports this finding, as the source of the email was perceived as more authoritative because UCAS is an organisation recognised by students, leading students to perceive the email as legitimate (Stajano & Wilson, 2011).