‘Protect and Fight Back’: A Case Study on User Motivations to Report Phishing Emails

In ACM Proceedings of the 2024 European Symposium on Usable Security, 2024

Burda, P.; Allodi, L.; Serebrenik, A.; Zannone, N.

Abstract

Phishing reporting is emerging as a key defense mechanism against phishing attacks. Whereas large enough organizations have specific policies in place for phishing reporting, user uptake is still limited, and a clear picture of what motivates users to report and which types of emails is still to be drawn. Yet, this is critical to devising better policies and procedures and stimulating awareness and a cyber-security culture within organizations. In this work, we sample and interview 𝑛 = 49 employees from the pool of phishing reporters at a medium-sized European technical university. We sample interviewees based on how sophisticated the emails they report are over contextual and technical dimensions and cluster reporters in terms of their (emerging) reporting behavior. We conduct semi-structured interviews up to thematic saturation and derive 13 main themes driving reporting motivations. We discuss the identified themes in the broader theoretical context, as well as the practical implications of our findings.

URL: https://doi.org/10.1145/3688459.3688473
