Deceit and Deception: A Large User Study of Phishing

This study is a large scale investigation of trust manipulation tactics used by phishing web sites and email messages. The experiment focuses on media authenticity evaluations, rather than content credibility with the assumption that its authors are known. It tests the effect of features ranging from URL plausibility to trust endorsement graphics on a population of 398 subjects. The experiment presents these trust indicators in a variety of stimuli since reactions will vary according to context. In addition to testing specific features, the test gauges the potential of a phishing tactic that spoofs third party program administrators rather than a brand itself. The results show that indeed graphic design can change authenticity evaluations and that their impact varies with context. We expected that authenticity inspiring design changes would have the opposite effect when paired with an unreasonable request, however our data suggest that narrative strength – rather than underlying legitimacy – limits the impact of graphic design on trust and that these authenticity-inspiring design features improve trust in both genuine and forged media.