The Effect of Personality on SMS Phishing Vulnerability

In the last decade, cybercrime has sought to bypass technical security in place by focusing in people. Recently more attention has been given to the security of mobile devices. However, very little research has investigated the human factors of mobile phishing. This thesis investigates human aspects in relation to SMS phishing. Based on our findings, we present recommendations and opportunities for research that will help the security community to better understand phishing attacks and educate mobile users against them.

The first study reports the results of a qualitative investigation of what people think and feel about mobile security. The study presents this investigation temporally by means of a series of interviews performed sequentially in multiple stages. A variation was noted in the users' responses and a theory was developed to explain such variation. The study proposed a grounded theory that suggested that human security attitude is strongly influenced by their agreeableness, conscientiousness and extraversion personality traits. The developed theory suggested that this general behaviour is moderated by individuals’ knowledge and past error-in-judgement experiences. The theory was tested via three further studies (one lab study and two experimental studies). The results suggest that the personality traits Assertiveness and Extraversion affect humans’ phishing vulnerability.

To the best of our knowledge, the three studies are the first empirical studies of the human aspects involved in SMS phishing.

The thesis embraces both quantitative and qualitative analysis approaches. The quantitative analysis helped in isolating the personality traits Assertiveness and Extraversion while the qualitative analysis helped us understand how individuals reason about their behaviour.