Despite the rise of security awareness training programs and the use of advanced technology to intercept phishing attempts before they reach potential targets, the continued success of phishing attacks presents a challenge that requires a critical examination of existing knowledge. We suggest that susceptibility is not a stable state, but subject to an interplay between internal factors of the target (such as personality traits, learning, cognitive biases) and contextual factors (including the organizational context). An understanding of the collective influence of these factors on the target behavior facilitates the development of more effective anti-phishing measures and paves the way for new future research areas.

In this session, you will learn:

• Why phishing susceptibility is influenced by both individual traits and the organizational context
• That traditional awareness training often fails due to overgeneralized approaches
• How a more nuanced understanding of user behavior can improve anti-phishing strategies