Amelia Wood's

Page 1

Abstract ▪ This Project investigates Email Phishing and a person's susceptibility to falling for a phishing email ▪ Looking at if an individual's personality effects their susceptibility ▪ Focusing on sociodemographic factors playing a part in a person's susceptibility. These include Age, Gender, Occupation and Education. ▪ Participants took part in two questionnaires, one testing their knowledge of phishing emails and one being a personality test. ▪ Participants were told to look out for an email about a third questionnaire, but this is when they would be sent a phishing email. ▪ Different phishing emails were sent to participants depending on their knowledge level ▪ 69.77% of people fell for the phishing email


Project aim and research question Proposed Research Question – “Investigating how Personality and sociodemographic factors relate to susceptibility of email phishing?” Project Aim – “To investigate and understand how personality, education, occupation, age and gender influence how easy it is to become a victim of phishing”


Design Questionnaire 1 design▪ The first step in the study focused on observing participants performances in the first questionnaire to see if the results show their knowledge level being higher before or after they had answered the questions. ▪ First, the participants were shown 8 pictures of phishing emails and 5 pictures of legitimate emails, they had to go through all 13 and select whether it was a phishing email or legitimate email. ▪ Secondly, they then had to answer 20 questions on the topic of phishing emails. ▪ There were 5 basic knowledge questions, 5 moderate knowledge questions and 5 advanced knowledge questions. ▪ This questionnaire was used to determine which phishing email participants would receive later on in the study. ▪ It was important that participants would be able to feel the different difficulty levels within the questions.

Questionnaire 2 design – ▪ The second questionnaire focused on personality looking at the Myers Briggs Type Indicator model. ▪ This looks at giving people a personality type out of 16 possible types after they have finished answering personality related questions. Every participant who takes part in the test will end up with 4 personality preferences out of 8. ▪ A participant will either be extraverted or introverted, thinking or feeling, Judging or perceiving, and intuition or sensing. Every person will end up leaning towards one side . ▪ For each of the pairs there were 5 questions for each polar opposite in them meaning that all together there were 40 questions all together. ▪ These questions would then contribute to finding each person’s individual personality and knowing what their core character was which is their strongest trait


Design Website design ▪ I created my own website which was used to host both questionnaires and to also hold all the data ▪ The first website was basic it had a log in form for participants, was styled using CSS and always included lots of information to the user

Legitimate email ▪ The original email domain used to send out the questionnaires to participants was wood.l.amelia@gmail.com

Phishing email design ▪ The phishing email sent was impersonating me. It informed participants that they had not completed this week's questionnaire and to click on the link in the email, there was not a questionnaire sent out that week. This was a giveaway sign that this was not a legitimate email.

▪ All the emails were designed to create a sense of urgency, they were all different in layout with obvious phishing ques for the basic knowledge email and a more difficult to spot phishing email for advance knowledge. ▪ The basic knowledge phishing email was sent using a new email domain almawoodie@gmail.com. ▪ The moderate and advance knowledge emails were sent from a new email domain wood.l.2.amelia@gmail.com.

Phishing website design ▪ The website was bare and only had the log in form, was missing CSS styling and had no information presented to the user ▪ If participants logged into the phishing website this was counted as them falling for the phishing email


Questionnaire 1 Results 51 participants took part in questionnaire 1; At the beginning of the questionnaire everyone was asked how much knowledge they thought they had around phishing emails ▪ 56.86% of participants said they had basic knowledge ▪ 35.30% of participants said they had moderate knowledge ▪ 5.88% of participants said they had advance knowledge

▪ 1.96% of participants said they had no knowledge Overall, out of the people who fell for the phishing email ▪ 76.65% had moderate knowledge

▪ 13.34% had Advance Knowledge ▪ 10.01% had basic knowledge


Questionnaire 2 results 43 participants took part in questionnaire 2; ▪ Out of the possible 16 personality types, the participants covered 15 of the personality types. ▪ Overall, 48.84% of participants had the preference introverted, 33.33% of these were male and 66.67% of these were female. ▪ 51.16% of participants had the preference extraverted, 59.10% of those were male and 40.90% of those were female.

▪ Overall, 41.86% of participants had the preference intuition, 55.56% of these were female and 44.44% were males. ▪ 58.14% of participants had the preference sensing, 60% of these were female and 40% of these were males. ▪ 59.53% of participants had the preference thinking, 23.53% of these were females and 76.47% of these were males.

▪ 60.47% of participants had the preference feeling, 76.92% of those were females and 23.08% of these were males. ▪ 46.51% of participants had the preference judging, 55% of those were female and 45% of those were male. ▪ 53.48% of participants had the preference perceiving, 56.52% of those were females and 43.48% were males.


Phishing Email Results Out of the 43 people that received the phishing email 30 (69.77%) people fell for it 36.66% were males and 63.34% were females.

▪ The age that was the most susceptible was 46-55 with 83.33% falling for the phish, 56+ with 75% and 18-25 with 63.63%. ▪ The education level that was most susceptible was college certificate with 100% along with Postgraduate and GCSE also being 100%. O-level was 66.66%, Undergraduate 42.85% was and ALevel was 64%.

▪ The Occupation that was the most susceptible was IT with 100% and Retired 100%. Public sector 66.66%, food service 66.66%, 62.5% other and university students with 60.86%. The most susceptible personality type overall was ISFJ (introverted, sensing, feeling and judging). ISFJ core characteristics are introvert and sensing. There were 5 females in this group and they all fell for the phishing email. A strength of ISFJ is that they’re observant but in this case they were not observant enough to spot all the signs of the phishing email.


Conclusion ▪ The results show that in this study that personality does have an effect on an individual’s susceptibility to email phishing. ▪ This study shows gender does influence how susceptible an individual is to the scam. ▪ These results show age does make an individual more susceptible to a phishing email. ▪ In this study I do not think that occupation had a direct effect on the persons susceptibility. This is because the most susceptible occupation was IT. The participants with this occupation were all male. Therefore, they should have been less susceptible according to my results around gender. ▪ I do not believe that in this study education level had a direct effect on a participant’s susceptibility. This can be linked to the fact that participants educational level was not centered around them having taken an IT related subject. Future research could be done focusing on participants who study IT related subjects at different educational levels. More education needs to be given at school, college, university and in workplaces around phishing and similar scams. It is important that people from all walks of life have a chance to be safe from scams. This project shows that no matter how knowledgeable someone thinks they are when it comes to phishing emails and online scams you can still become a victim


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.