Let us support your efforts at UB. Here you can find information
you might need for academic life and career success.
The UB Library System has a variety of resources that are available to you.
Head, Educational Services Team
Communication Department Liaison
520C Lockwood Library North Campus email@example.com (716) 645-8629
Published April 11, 2011
Two UB professors were among the authors of a study that
explores who tends to be more susceptible to email phishing.
Communication researchers at four major universities found that if you receive a lot of email, habitually respond to a good portion of it, maintain a lot of online relationships and conduct a large number of transactions online you are more susceptible to email “phishing” expeditions than those who limit their online activity.
The study, “Why Do People Get Phished?” forthcoming in the journal Decision Support Systems and Electronic Commerce, uses an integrated information processing model to test individual differences in vulnerability to phishing.
The study is particularly pertinent given the rash of phishing expeditions that have become public of late, the most recent involving the online marketing firm Epsilon, whose database was breached last week by hackers, potentially affecting millions of banking and retail customers.
The authors are Arun “Vish” Vishwanath, UB associate professor of communication and adjunct associate professor of management science and systems, and H. Raghav Rao, UB professor of management science and systems, and Tejaswini Herath, Brock University, Ontario; Rui Chen, Ball State University; and Jingguo Wang, University of Texas, Arlington. Herath, Chen and Wang all hold a PhD in management science and systems from UB.
Email phishing is a process that employs such techniques as using the names of credible businesses (American Express, eBay), government institutions (Internal Revenue Service, Department of Motor Vehicles) or current events (political donations, Beijing Olympic tickets, aiding Katrina victims) in conjunction with statements invoking fear, threat, excitement or urgency to persuade people to respond with personal and sensitive information like usernames, passwords and credit card details.