Why People Still Fall for Phishing Emails: An Empirical Investigation into How Users Make Email Response Decisions

Asangi Jayatilaka, Nalin Asanka Gamagedara Arachchilage, Muhammad Ali Babar
2024-01-24
Abstract: Despite technical and non-technical countermeasures, humans continue to be tricked by phishing emails. How users make email response decisions is a missing piece in the puzzle to identifying why people still fall for phishing emails. We conducted an empirical study using a think-aloud method to investigate how people make 'response decisions' while reading emails. The grounded theory analysis of the in-depth qualitative data has enabled us to identify different elements of email users' decision-making that influence their email response decisions. Furthermore, we developed a theoretical model that explains how people could be driven to respond to emails based on the identified elements of users' email decision-making processes and the relationships uncovered from the data. The findings provide deeper insights into phishing email susceptibility due to people's email response decision-making behavior. We also discuss the implications of our findings for designers and researchers working in anti-phishing training, education, and awareness interventions.
Cryptography and Security, Computers and Society, Human-Computer Interaction
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: **Why are people still vulnerable to phishing emails?** Specifically, the authors aim to explore in depth how users make response decisions when receiving emails, in order to reveal the psychological and behavioral mechanisms that lead people to be deceived.

### Problem Background

Although technical and non-technical means have been adopted to prevent phishing emails, people are still easily deceived by these attacks. Most current research focuses on analyzing the personal characteristics of victims (such as demographic characteristics or personality traits) and the characteristics of the phishing emails themselves, while ignoring the specific thinking process users go through when deciding how to respond to an email.

### Research Objectives

This paper conducts empirical research, using the "think-aloud" method and follow-up interviews, to investigate how users make response decisions when reading emails. The main contributions of the research include:

1. **Identifying factors influencing users' email response decisions**: Based on empirical data and grounded theory analysis, the research has discovered various factors considered by users when making email response decisions, such as emotions and personal habits.
2. **Developing a theoretical model**: The research proposes a theoretical model to explain why users are driven to click on links, reply to emails, or download attachments. This model reveals how the different elements in a user's email response decision-making process, and the relationships between them, affect behavior.

### Research Significance

By understanding the decision-making process of users when facing phishing emails, the research provides a scientific basis for designing more effective anti-phishing tools and educational interventions. This helps to improve users' awareness and reduce the security risks posed by phishing emails.

### Main Findings

- Users' perception of the sender's legitimacy has an important impact on the degree to which they trust the email.
- Users' emotional attachment and personal habits also affect their intention to respond to the email.
- The way users verify the source of the email and their previous phishing experiences also have an impact on their decisions.

Through these findings, researchers can better understand the behavior patterns of users when facing phishing emails and develop more targeted preventive measures accordingly.