Impact of Emotions on User Behavior Toward Phishing Emails

Abstract

Ensuring information security means not only improving the technical controls of business data confidentiality and integrity but also managing the human factor. One of the key user weaknesses is considered to be their susceptibility to emotional manipulation exploited by cybercriminals to trick their victims into taking an insecure action. Phishing emails are the easiest and most widespread form of cyberattacks. In this article, we study the correlation between the emotions users have when they receive phishing emails and their further behavior toward those emails. The research consists of two phases: self-reflection survey, when respondents assess their emotions and behavior toward presented emails (1), and field study, when respondents are sent simulated phishing email attacks, recording all actions taken after receiving such emails (2). The research has confirmed the importance of emotions as one of the key factors affecting user behavior toward phishing emails. Moreover, we have found that the range of emotions makes no difference, whereas their intensity does: the more intense the emotions are, the more likely that users will take insecure actions induced by the fraudster.