Researcher shows computer users are overconfident when dealing with junk emails

January 10, 2017
Jingguo Wang. Credit: UT Arlington

UTA researchers show in a new study that people's confidence actually exceeds what they can achieve when judging phishing attacks in the business world.

Jingguo Wang, a UTA associate professor in the College of Business' Department of Information Systems and Operations Management, collaborated with Yuan Li of Missouri's Columbia College and Raghav Rao of the State University of New York, Buffalo, on the study titled: Overconfidence in Phishing Email Detection, recently published in Journal of the Association for Information Systems.

"We wanted to link people's confidence with their performance," Wang said. "We found out that many people are overconfident. In other words, a lot of people thought they had made correct judgment on an email, yet they did not. Their confidence is a poor indicator for their actual performance. Therefore, one suggestion from the study is that following one's confidence on judgment to take subsequent actions on an email may not be recommended."

About 600 people were included in this survey experiment about how people recognize . Eighteen randomly selected emails were presented to the participants mixed with about half phishing emails that were targeted at financial institutions like Bank of America and Chase, and half authentic business emails actually sent by such institutions. People were asked to tell whether an email is legitimate or not.

"The research suggests that businesses may provide feedback mechanisms in their training measures on one's performance to regulate a person's confidence. The goal is to reduce overconfidence," Wang said.

Wang has led a second research paper that questions how people effectively recognize phishing. It's titled "Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences" and will be published in Information Systems Research. It investigates how people cope with phishing leads to detection accuracy.

"We determined that many of the people surveyed exhibited a lie bias in their response of how to cope with phishing emails," Wang said. "They might just decide to delete everything, which isn't effective or worthwhile."

Wang's research fits into a vital part of the University's strategic plan theme of data-driven discoveries.

Chandra Subramaniam, interim dean of the College of Business, said Wang's work in this realm of phishing and behavior is vital in reaching conclusions on how business and industry should proceed.

"Linking how think to how they actually act and how confident they are when acting is important in determining a method to deal with phishing effectively," Subramaniam said.

Explore further: Gone phishin': CyLab exposes how our ability to spot phishing emails is far from perfect

Related Stories

Study shows how phishing scams thrive on overconfidence

January 9, 2017

A new study by H.R. Rao, AT&T Distinguished Chair in Infrastructure Assurance and Security at The University of Texas at San Antonio (UTSA), examines overconfidence in detecting phishing e-mails. According to Rao, most people ...

Phishing Attacks in May Jumped More Than 200 Percent

June 30, 2005

The phishing season is officially open. Phishing – using fraudulent emails to try to dupe recipients into revealing personal or financial information -- reached its highest level in May, according to IBM. The month Global ...

Recommended for you

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

Microbes help turn Greek yogurt waste into fuel

December 13, 2017

Consumers across the world enjoy Greek yogurt for its taste, texture, and protein-packed punch. Reaching that perfect formula, however, generates large volumes of food waste in the form of liquid whey. Now researchers in ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.