Eyes on phishing emails: an eye-tracking study

Liliana Ribeiro • Inês Sousa Guedes • Carla Sofia Cardoso

Keywords

quasi-experimental · phishing ·  suscetibility ·  emails · identification ·  eye-tracker          

Abstract

Objective

This study aims to explore susceptibility to phishing emails by analysing the visual patterns of individuals.

Method

A quasi-experimental study was developed, using 28 emails (13 phishing; 13 legitimate; 2 control) which were subdivided into two groups (G1; G2) and presented to the participants who looked at a set of 15 emails. The sample consisted of 70 participants.

Results

Phishing emails showed significantly higher average fixation times and total fixations in the sender’s area compared to legitimate emails. However, no significant correlations were found between fixation time, total number of fixations in various areas of the email, and the accuracy of email identification (both general and phishing).

Conclusion

This pioneering study within the Portuguese context lays the foundation for future research on analysing and accurately detecting different types of emails, including differentiating between them. It also supports the development of targeted training to improve the recognition of various emails cues.

https://link.springer.com/article/10.1007/s11292-024-09648-3