NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

User Context: An Explanatory Variable in Phishing Susceptibility

Published

Author(s)

Kristen K. Greene, Michelle P. Steves, Mary Theofanos, Jennifer A. Kostick

Abstract

Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training exercise data, focusing on the last three phishing exercises with participant feedback. The sample was an operating unit consisting of approximately 70 stratified staff members within a U.S. government research institution. A multiple methods assessment approach revealed that the individual's work context is the lens through which email cues are interpreted. Not only do clickers and non-clickers attend to different cues, they interpret the same cues differently depending on the alignment of the user's work context and the premise of the phishing email. Clickers were concerned over consequences arising from not clicking, such as failing to be responsive. In contrast, non-clickers were concerned with consequences from clicking, such as downloading malware. This finding firmly identifies the alignment of user context and the phishing attack premise as a significant explanatory factor in phishing susceptibility. We present additional findings that have actionable operational security implications. The long-term, embedded and ecologically valid conditions surrounding these phishing exercises provided the crucial elements necessary for these findings to surface and be confirmed.
Proceedings Title
Proceedings of the Network and Distributed Systems Security (NDSS) Symposium
Conference Dates
February 18-21, 2018
Conference Location
San Diego, CA, US
Conference Title
Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium 2018
Pub Type
Conferences

Download Paper

https://doi.org/10.14722/usec.2018.23016
Local Download

Keywords

decision-making, embedded phishing awareness training, user-centered approach, survey instrument, long-term assessment, operational data, trial deployment, network security, security defenses
Usability and human factors, Information technology and Cybersecurity and privacy

Citation

Greene, K. , Steves, M. , Theofanos, M. and Kostick, J. (2018), User Context: An Explanatory Variable in Phishing Susceptibility, Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, US, [online], https://doi.org/10.14722/usec.2018.23016, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925206 (Accessed October 24, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 15, 2018, Updated April 12, 2022
Was this page helpful?