Interaction of Personality and Persuasion Tactics in Email Phishing Attacks
Phishing is a social engineering tactic where a malicious actor impersonates a trustworthy third party with the intention of tricking the user into divulging sensitive information. Previous social engineering research has shown an interaction between personality and the persuasion principle used. This study was conducted to investigate whether this interaction is also present in email phishing. To test this, we used a personality inventory and an email identification task (phishing or legitimate). The emails used in the identification task used four of Cialdini’s persuasion principles. Our data confirm previous findings that high extroversion is predictive of increased susceptibility to phishing attacks. In addition, we identify multiple interactions between personality and specific persuasion principles. We also report the overall efficacy of various persuasion principles on phishing email identification accuracy.