Phishing, Data-Disclosure and The Cognitive Reflection Test

Abstract

Phishing is a form of online identity theft that aims to steal sensitive information such as passwords and credit card information from users. Data is key for the digital economy, but disclosing personal data online increases vulnerabilities and the likelihood of experiencing negative consequences from disclosure. In this paper, we analyze willingness to share personal data, a preference for an intuitive decision style and susceptibility to phishes. We report the results of three large-scale national studies in Norway that included the cognitive reflection test (CRT) and a choice experiment on willingness to share personal data. With a binary logistic regression method, we analyzed the relationship between the CRT, willingness to share data and demographical variables with susceptibility to phishes as the outcome variable. Our main finding is that the willingness to share personal data and an intuitive thinking style significantly predict the probability of falling for phish. These results are based on three large-scale studies with national populations, in contrast to earlier studies that in most cases relying on student populations, giving them greater validity.