User Context: An Explanatory Variable in Phishing Susceptibility
Published
Author(s)
Kristen K. Greene, Michelle P. Steves, Mary Theofanos, Jennifer A. Kostick
Abstract
Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training exercise data, focusing on the last three phishing exercises with participant feedback. The sample was an operating unit consisting of approximately 70 stratified staff members within a U.S. government research institution. A multiple methods assessment approach revealed that the individual's work context is the lens through which email cues are interpreted. Not only do clickers and non-clickers attend to different cues, they interpret the same cues differently depending on the alignment of the user's work context and the premise of the phishing email. Clickers were concerned over consequences arising from not clicking, such as failing to be responsive. In contrast, non-clickers were concerned with consequences from clicking, such as downloading malware. This finding firmly identifies the alignment of user context and the phishing attack premise as a significant explanatory factor in phishing susceptibility. We present additional findings that have actionable operational security implications. The long-term, embedded and ecologically valid conditions surrounding these phishing exercises provided the crucial elements necessary for these findings to surface and be confirmed.
Proceedings Title
Proceedings of the Network and Distributed Systems Security (NDSS) Symposium
Conference Dates
February 18-21, 2018
Conference Location
San Diego, CA, US
Conference Title
Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium 2018
Greene, K., Steves, M., Theofanos, M. and Kostick, J. (2018), User Context: An Explanatory Variable in Phishing Susceptibility, Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, US, [online], https://doi.org/10.14722/usec.2018.23016, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925206 (Accessed October 8, 2025)