Jingguo Wang. Credit: UT Arlington UTA researchers show in a new study that people's confidence actually exceeds what they can achieve when judging phishing attacks in the business world.
Jingguo Wang, a UTA associate professor in the College of Business' Department of Information Systems and Operations Management, collaborated with Yuan Li of Missouri's Columbia College and Raghav Rao of the State University of New York, Buffalo, on the study titled: Overconfidence in Phishing Email Detection, recently published in Journal of the Association for Information Systems.
"We wanted to link people's confidence with their performance," Wang said. "We found out that many people are overconfident. In other words, a lot of people thought they had made correct judgment on an email, yet they did not. Their confidence is a poor indicator for their actual performance. Therefore, one suggestion from the study is that following one's confidence on judgment to take subsequent actions on an email may not be recommended."
About 600 people were included in this survey experiment about how people recognize phishing. Eighteen randomly selected emails were presented to the participants mixed with about half phishing emails that were targeted at financial institutions like Bank of America and Chase, and half authentic business emails actually sent by such institutions. People were asked to tell whether an email is legitimate or not.
"The research suggests that businesses may provide feedback mechanisms in their training measures on one's performance to regulate a person's confidence. The goal is to reduce overconfidence," Wang said.
Wang has led a second research paper that questions how people effectively recognize phishing. It's titled "Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences" and will be published in Information Systems Research. It investigates how people cope with phishing leads to detection accuracy.
"We determined that many of the people surveyed exhibited a lie bias in their response of how to cope with phishing emails," Wang said. "They might just decide to delete everything, which isn't effective or worthwhile."
Wang's research fits into a vital part of the University's strategic plan theme of data-driven discoveries.
Chandra Subramaniam, interim dean of the College of Business, said Wang's work in this realm of phishing and behavior is vital in reaching conclusions on how business and industry should proceed.
"Linking how people think to how they actually act and how confident they are when acting is important in determining a method to deal with phishing effectively," Subramaniam said.
Explore further: Gone phishin': CyLab exposes how our ability to spot phishing emails is far from perfect