User Context: An Explanatory Variable in Phishing Susceptibility



Kristen K. Greene, Michelle P. Steves, Mary Theofanos, Jennifer A. Kostick


Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of workplace-situated, embedded phishing email training exercise data, focusing on the last three phishing exercises with participant feedback. The sample was an operating unit consisting of approximately 70 stratified staff members within a U.S. government research institution. A multiple methods assessment approach revealed that the individual's work context is the lens through which email cues are interpreted. Not only do clickers and non-clickers attend to different cues, they interpret the same cues differently depending on the alignment of the user's work context and the premise of the phishing email. Clickers were concerned over consequences arising from not clicking, such as failing to be responsive. In contrast, non-clickers were concerned with consequences from clicking, such as downloading malware. This finding firmly identifies the alignment of user context and the phishing attack premise as a significant explanatory factor in phishing susceptibility. We present additional findings that have actionable operational security implications. The long-term, embedded and ecologically valid conditions surrounding these phishing exercises provided the crucial elements necessary for these findings to surface and be confirmed.
Proceedings Title: Proceedings of the Network and Distributed Systems Security (NDSS) Symposium
Conference Dates: February 18-21, 2018
Conference Location: San Diego, CA, US
Conference Title: Workshop on Usable Security (USEC) at the Network and Distributed Systems Security (NDSS) Symposium 2018


decision-making, embedded phishing awareness training, user-centered approach, survey instrument, long-term assessment, operational data, trial deployment, network security, security defenses


Greene, K., Steves, M., Theofanos, M. and Kostick, J. (2018), User Context: An Explanatory Variable in Phishing Susceptibility, Proceedings of the Network and Distributed Systems Security (NDSS) Symposium, San Diego, CA, US, [online], (Accessed May 29, 2024)



Created July 15, 2018, Updated April 12, 2022