The Eff ectiveness of Deceptive Tactics in Phishing

Kent Marett, Mississippi State University
Ryan T. Wright, University of San Francisco


Phishing, or the attempt of criminals to obtain sensitive information through a variety of techniques, is still a serious problem for IT managers and Internet consumers. With over 57 million Americans exposed to phishing in 2005, a reported 5% of recipients were victimized. Some believe that one percent of all email is phishing-related, and estimates of financial losses vary from 100 million to 1 billion dollars (US) a year (Goth, 2005). Our research examines the properties in a phishing email that may or may not influence the users to give out personal and sensitive information. For this field experiment we use students to test the effect that certain types of content have on the phishing process. The study outcomes suggest that user’s do not pay attention to the sender’s domain in a phishing email but do respond to personalized messages and messages that demand an immediate response.