Skip to main content

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking.

McAlaney, J. and Hills, P.J., 2020. Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking. Frontiers in Psychology, 11, 1756.

Full text available as:

2020McAlaneyHills_Frontiers.pdf - Published Version
Available under License Creative Commons Attribution.


DOI: 10.3389/fpsyg.2020.01756


© Copyright © 2020 McAlaney and Hills. Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eye-tracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.

Item Type:Article
Uncontrolled Keywords:phishing, eye tracking, social engineering, cybersecurity, email
Group:Faculty of Science & Technology
ID Code:34475
Deposited By: Symplectic RT2
Deposited On:01 Sep 2020 12:57
Last Modified:14 Mar 2022 14:23


Downloads per month over past year

More statistics for this item...
Repository Staff Only -