UTA researchers show in a new study that people's confidence actually exceeds what they can achieve when judging phishing attacks in the business world.
Jingguo Wang, a UTA associate professor in the College of Business' Department of Information Systems and Operations Management, collaborated with Yuan Li of Missouri's Columbia College and Raghav Rao of the State University of New York, Buffalo, on the study titled: Overconfidence in Phishing Email Detection, recently published in Journal of the Association for Information Systems.
"We wanted to link people's confidence with their performance," Wang said. "We found out that many people are overconfident. In other words, a lot of people thought they had made correct judgment on an email, yet they did not. Their confidence is a poor indicator for their actual performance. Therefore, one suggestion from the study is that following one's confidence on judgment to take subsequent actions on an email may not be recommended."
About 600 people were included in this survey experiment about how people recognize phishing. Eighteen randomly selected emails were presented to the participants mixed with about half phishing emails that were targeted at financial institutions like Bank of America and Chase, and half authentic business emails actually sent by such institutions. People were asked to tell whether an email is legitimate or not.
"The research suggests that businesses may provide feedback mechanisms in their training measures on one's performance to regulate a person's confidence. The goal is to reduce overconfidence," Wang said.
Wang has led a second research paper that questions how people effectively recognize phishing. It's titled "Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences" and will be published in Information Systems Research. It investigates how people cope with phishing leads to detection accuracy.
"We determined that many of the people surveyed exhibited a lie bias in their response of how to cope with phishing emails," Wang said. "They might just decide to delete everything, which isn't effective or worthwhile."
Wang's research fits into a vital part of the University's strategic plan theme of data-driven discoveries.
Chandra Subramaniam, interim dean of the College of Business, said Wang's work in this realm of phishing and behavior is vital in reaching conclusions on how business and industry should proceed.
"Linking how people think to how they actually act and how confident they are when acting is important in determining a method to deal with phishing effectively," Subramaniam said.
###
About The University of Texas at Arlington
The University of Texas at Arlington is a Carnegie Research-1 "highest research activity" institution. With a projected global enrollment of close to 57,000 in AY 2016-17, UTA is the largest institution in The University of Texas System. Guided by its Strategic Plan Bold Solutions | Global Impact, UTA fosters interdisciplinary research within four broad themes: health and the human condition, sustainable urban communities, global environmental impact, and data-driven discovery. UTA was recently cited by U.S. News & World Report as having the second lowest average student debt among U.S. universities. U.S. News & World Report also ranks UTA fifth in the nation for undergraduate diversity. The University is a Hispanic-Serving Institution and is ranked as the top four-year college in Texas for veterans on Military Times' 2017 Best for Vets list.
Journal
Journal of the Association for Information Systems