<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.4 20241031//EN" "JATS-journalpublishing1-4.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" article-type="research-article" dtd-version="1.4" xml:lang="en">
  <front>
    <journal-meta>
      <journal-id journal-id-type="publisher-id">jcc</journal-id>
      <journal-title-group>
        <journal-title>Journal of Computer and Communications</journal-title>
      </journal-title-group>
      <issn pub-type="epub">2327-5227</issn>
      <issn pub-type="ppub">2327-5219</issn>
      <publisher>
        <publisher-name>Scientific Research Publishing</publisher-name>
      </publisher>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.4236/jcc.2026.143010</article-id>
      <article-id pub-id-type="publisher-id">jcc-150497</article-id>
      <article-categories>
        <subj-group>
          <subject>Article</subject>
        </subj-group>
        <subj-group>
          <subject>Computer Science</subject>
          <subject>Communications</subject>
        </subj-group>
      </article-categories>
      <title-group>
        <article-title>Predictors of Phishing Detection Confidence among Defense Engineering Professionals</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Brickley</surname>
            <given-names>Joseph</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Thakur</surname>
            <given-names>Kutub</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <contrib contrib-type="author">
          <name name-style="western">
            <surname>Krantz</surname>
            <given-names>Michael</given-names>
          </name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
      </contrib-group>
      <aff id="aff1"><label>1</label> Professional Security Studies Department of New Jersey City University, Jersey City, USA </aff>
      <author-notes>
        <fn fn-type="conflict" id="fn-conflict">
          <p>The authors declare no conflicts of interest regarding the publication of this paper.</p>
        </fn>
      </author-notes>
      <pub-date pub-type="epub">
        <day>03</day>
        <month>03</month>
        <year>2026</year>
      </pub-date>
      <pub-date pub-type="collection">
        <month>03</month>
        <year>2026</year>
      </pub-date>
      <volume>14</volume>
      <issue>03</issue>
      <fpage>196</fpage>
      <lpage>219</lpage>
      <history>
        <date date-type="received">
          <day>11</day>
          <month>02</month>
          <year>2026</year>
        </date>
        <date date-type="accepted">
          <day>27</day>
          <month>03</month>
          <year>2026</year>
        </date>
        <date date-type="published">
          <day>30</day>
          <month>03</month>
          <year>2026</year>
        </date>
      </history>
      <permissions>
        <copyright-statement>© 2026 by the authors and Scientific Research Publishing Inc.</copyright-statement>
        <copyright-year>2026</copyright-year>
        <license license-type="open-access">
          <license-p> This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( <ext-link ext-link-type="uri" xlink:href="https://creativecommons.org/licenses/by/4.0/">https://creativecommons.org/licenses/by/4.0/</ext-link> ). </license-p>
        </license>
      </permissions>
      <self-uri content-type="doi" xlink:href="https://doi.org/10.4236/jcc.2026.143010">https://doi.org/10.4236/jcc.2026.143010</self-uri>
      <abstract>
        <p>Phishing is a persistent organizational threat, yet most empirical work emphasizes post-exposure susceptibility rather than the confidence judgments that shape behavior when suspicious messages arrive. This study examines predictors of phishing-detection confidence in a professional sample of U.S. defense-industry engineers (N = 97). Participants completed a validated survey capturing email comfort, perceived Internet proficiency, Self-Reported Phishing-Cue Knowledge, cue-checking frequency, use of sanctioned confirmation channels, and Big Five personality traits. Multiple linear models with standardized coefficients and multicollinearity checks estimate each factor’s unique contribution. Three predictors show the largest and most consistent associations with detection confidence: email comfort, perceived Internet proficiency, and Self-Reported Phishing-Cue Knowledge. Emotional stability and openness contribute at smaller magnitudes, while cue-checking frequency and use of a confirmation channel exhibit secondary effects. Years of experience and recent training volume are not reliable drivers once core skills and knowledge are included. Findings support a confidence-mediated account of phishing decisions and suggest practical interventions: hands-on practice that improves email fluency and web problem-solving, explicit instruction on cue schemas, and low-friction confirmation workflows. Limitations include a single occupational context and reliance on retrospective confidence; implications for replication and program design are discussed.</p>
      </abstract>
      <kwd-group kwd-group-type="author-generated" xml:lang="en">
        <kwd>Confidence</kwd>
        <kwd>Human Factors</kwd>
        <kwd>Organizational Security</kwd>
        <kwd>Phishing</kwd>
        <kwd>Security Training</kwd>
        <kwd>Self-Efficacy</kwd>
        <kwd>Social Engineering</kwd>
        <kwd>Usable Security</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec1">
      <title>1. Introduction</title>
      <p>Phishing remains one of the most persistent social-engineering threats in organizations, repeatedly implicated in incidents and breaches [<xref ref-type="bibr" rid="B1">1</xref>][<xref ref-type="bibr" rid="B2">2</xref>]. Much of the empirical literature emphasizes susceptibility after exposure, who clicks or replies and under what conditions, focusing on deceptive page design, social proof, urgency, and spoofing tactics [<xref ref-type="bibr" rid="B3">3</xref>]-[<xref ref-type="bibr" rid="B5">5</xref>]. That emphasis clarifies many determinants of being deceived but leaves less explained about the judgment users make before acting, how confident they feel in detecting a suspicious message. Confidence matters operationally: it influences whether an employee slows down, inspects surface and header cues, or seeks an authorized confirmation channel before executing a potentially risky action [<xref ref-type="bibr" rid="B3">3</xref>]-[<xref ref-type="bibr" rid="B5">5</xref>]. A clearer account of what drives phishing-detection confidence offers a direct lever for risk reduction because confidence can be shaped by training, process design, and tool support [<xref ref-type="bibr" rid="B6">6</xref>]-[<xref ref-type="bibr" rid="B8">8</xref>]. </p>
      <p>Building on this premise, we model detection confidence as a psychologically grounded belief state related to self-efficacy, the belief in one’s capability to perform a task under typical constraints [<xref ref-type="bibr" rid="B6">6</xref>]. Prior usable-security work links self-efficacy with secure practice, suggesting that users who feel competent are more likely to enact recommended controls [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>]. Translating that insight to phishing, we examine drivers that are both learnable and actionable in enterprise programs: 1) technology comfort (comfort using email; perceived Internet proficiency), 2) knowledge of phishing cues captured by widely trained indicators (e.g., sender anomalies, link/attachment scrutiny), 3) frequency of cue checking and use of sanctioned confirmation channels (behavioral tendencies that organizations can standardize), and 4) personality traits (Big Five) previously associated with cautious responding or deception resistance [<xref ref-type="bibr" rid="B3">3</xref>]-[<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>]. We analyze these factors in a professional sample of U.S. defense-industry engineering staff using linear models with multicollinearity checks [<xref ref-type="bibr" rid="B9">9</xref>]. </p>
      <sec id="sec1dot1">
        <title>Research Question</title>
        <p><bold>RQ1:</bold> How do user characteristics affect users’ retrospective confidence levels toward phishing detection? </p>
        <p><bold>RQ2:</bold> How do cues affect users’ retrospective confidence levels? </p>
        <p><bold>Significance:</bold>By isolating rank-ordered, trainable predictors of detection confidence in a real workforce, this study provides a compact basis for prioritizing training content and operational safeguards in enterprise phishing programs. </p>
      </sec>
    </sec>
    <sec id="sec2">
      <title>2. Related Work</title>
      <sec id="sec2dot1">
        <title>2.1. Phishing Deception and User Decision Processes</title>
        <p>Phishing is defined here as the use of deceptive, computer-mediated communications to induce a security-relevant action, such as credential submission, payment authorization, attachment execution, or disclosure of sensitive information, by misrepresenting identity or context [<xref ref-type="bibr" rid="B10">10</xref>][<xref ref-type="bibr" rid="B11">11</xref>]. As a subtype of social engineering, phishing combines technical and psychological techniques to elicit trust and exploit routine communication patterns. In organizational settings, attackers frequently seek to bypass established “trusted paths” (e.g., authenticated portals, ticketing systems) by persuading users either to reply directly with information or to click through to an attacker-controlled site where the disclosure occurs [<xref ref-type="bibr" rid="B12">12</xref>][<xref ref-type="bibr" rid="B13">13</xref>]. <xref ref-type="fig" rid="fig1">Figure 1</xref> illustrates the trusted-path concept and the attacker’s goal of keeping users in the adversary’s lane rather than returning to an authenticated channel. Within this work, deception cues denote surface, header, and contextual indicators (e.g., discrepancies between display and destination URLs, sender anomalies, unexpected attachments, urgency framing) that can support discrimination between benign and malicious messages. </p>
        <fig id="fig1">
          <label>Figure 1</label>
          <graphic xlink:href="https://html.scirp.org/file/1733467-rId13.jpeg?20260330024613" />
        </fig>
        <p><bold>Figure 1.</bold>Trusted path redrawn (Adapted by Author from Li &amp; Wu, 2003 [<xref ref-type="bibr" rid="B12">12</xref>]). </p>
        <p>Industry analyses consistently situate phishing among the leading precursors to incidents and breaches, underscoring its operational impact on enterprises of all sizes [<xref ref-type="bibr" rid="B1">1</xref>][<xref ref-type="bibr" rid="B2">2</xref>]. Foundational HCI/IS studies demonstrate how visual realism, identity/URL spoofing, and message framing systematically increase compliance, even among technically literate users who express high security awareness [<xref ref-type="bibr" rid="B3">3</xref>]-[<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B15">15</xref>]. Small manipulations in domain strings and sender presentation, together with polished brand impersonation, can create an initial sense of legitimacy sufficient to trigger routine responding before analytic checking occurs [<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B15">15</xref>]. Content analyses further document the role of persuasion principles, especially authority and scarcity, in compressing deliberation windows and biasing toward rapid action (e.g., executive spoofing, deadline pressure, threat of negative consequences) [<xref ref-type="bibr" rid="B16">16</xref>]-[<xref ref-type="bibr" rid="B19">19</xref>]. Likeability/affinity and appeals to social proof also appear in attacker content, although their effects vary across studies and populations [<xref ref-type="bibr" rid="B16">16</xref>][<xref ref-type="bibr" rid="B20">20</xref>]-[<xref ref-type="bibr" rid="B22">22</xref>]. As summarized in <xref ref-type="fig" rid="fig2">Figure 2</xref>, when mismatches between expectations and indicators are detected, users branch toward alternative actions rather than the phisher-suggested path [<xref ref-type="bibr" rid="B23">23</xref>]. </p>
        <p>Cognitive accounts of user decision making help explain these outcomes. Under time pressure and email load, users often default to peripheral cues (appearance, brand familiarity, sender label) rather than engaging in cue-analytic processing, consistent with dual-process and elaboration likelihood perspectives [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B24">24</xref>]-[<xref ref-type="bibr" rid="B26">26</xref>]. Models tailored to online deception characterize detection as a multi-stage judgment: activation of suspicion upon encountering inconsistent cues; hypothesis generation that the content may be deceptive; hypothesis testing via additional evidence seeking (e.g., inspecting headers, hovering links, cross-channel verification); and global assessment culminating in action or avoidance [<xref ref-type="bibr" rid="B27">27</xref>]. Extensions to email contexts emphasize that priming (e.g., recent warnings or simulations) and individual differences influence whether relevant cue schemas are retrieved and applied at the moment of decision [<xref ref-type="bibr" rid="B28">28</xref>]. Building on this stream, the present study treats retrospective detection confidence as a proximal belief state that governs whether users slow down, interrogate cues, and seek confirmation before acting [<xref ref-type="bibr" rid="B9">9</xref>]. As shown in <xref ref-type="fig" rid="fig3">Figure 3</xref>, detection unfolds as a multi-stage judgment: activation, hypothesis generation, hypothesis testing, and global assessment. </p>
        <fig id="fig2">
          <label>Figure 2</label>
          <graphic xlink:href="https://html.scirp.org/file/1733467-rId14.jpeg?20260330024614" />
        </fig>
        <p><bold>Figure 2.</bold>Email decision-making model (Adapted by Author from Xun <italic>et al.</italic>, 2008 [<xref ref-type="bibr" rid="B23">23</xref>]). </p>
        <fig id="fig3">
          <label>Figure 3</label>
          <graphic xlink:href="https://html.scirp.org/file/1733467-rId15.jpeg?20260330024614" />
        </fig>
        <p><bold>Figure 3.</bold>Multi-stage deception detection model (Adapted by Author from Grazioli, 2004 [<xref ref-type="bibr" rid="B27">27</xref>]). </p>
        <p>Comparative work distinguishes detectors from victims by process as well as outcome. Detectors tend to notice inconsistent cues, test hypotheses, and select richer confirmation channels when uncertain; victims more often rely on appearance cues, misinterpret indicators, or choose weak confirmation paths [<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B23">23</xref>][<xref ref-type="bibr" rid="B26">26</xref>][<xref ref-type="bibr" rid="B29">29</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. These patterns motivate the study’s focus on trainable levers, technology comfort, cue knowledge, routinized cue-checking, and sanctioned confirmation pathways, and on confidence as the mechanism linking these levers to behavior within operational environments. As shown in <xref ref-type="fig" rid="fig4">Figure 4</xref>, risky in-thread replies keep users in the adversary’s lane, whereas safer out-of-thread confirmation returns the user to a trusted path, motivating our emphasis on sanctioned channels. </p>
        <fig id="fig4">
          <label>Figure 4</label>
          <graphic xlink:href="https://html.scirp.org/file/1733467-rId16.jpeg?20260330024614" />
        </fig>
        <p><bold>Figure 4.</bold>Phishing reply flow (Adapted by Author from Alseadoon, 2014 [<xref ref-type="bibr" rid="B14">14</xref>]).</p>
      </sec>
      <sec id="sec2dot2">
        <title>2.2. Confidence as Self-Efficacy in Usable Security</title>
        <p>In this study, we treat detection confidence as a task-focused belief state aligned with self-efficacy, one’s perceived capability to execute the behaviors required to achieve a specific outcome under typical constraints [<xref ref-type="bibr" rid="B6">6</xref>]. Within security practice, higher self-efficacy has been associated with stronger adherence to recommended behaviors (e.g., checking indicators, using sanctioned channels) and reduced intention to engage in unsafe acts [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>]. Framed this way, phishing detection is not only about knowledge of cues but also about the belief that one can apply that knowledge efficiently in routine work conditions (email load, deadlines, social pressure). </p>
        <p>Prior work distinguishes prospective and retrospective forms of confidence. Prospective confidence (before acting) reflects beliefs about one’s capability and overlaps conceptually with self-efficacy [<xref ref-type="bibr" rid="B6">6</xref>][<xref ref-type="bibr" rid="B31">31</xref>]-[<xref ref-type="bibr" rid="B35">35</xref>]. Retrospective (judgmental) confidence is assessed after a decision and reflects the perceived correctness of that decision [<xref ref-type="bibr" rid="B36">36</xref>][<xref ref-type="bibr" rid="B37">37</xref>]. Behavioral decision research links both forms to downstream behavior: higher confidence generally predicts more decisive action, whereas lower confidence predicts additional information search and verification [<xref ref-type="bibr" rid="B34">34</xref>]. In phishing contexts, elevated confidence, especially when outpacing actual skill, has been tied to faster responding, reduced cue inspection, and greater risk-taking [<xref ref-type="bibr" rid="B32">32</xref>][<xref ref-type="bibr" rid="B35">35</xref>]. Conversely, lower confidence often triggers confirmation via richer channels (e.g., calling a known contact or opening a ticket) prior to action [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B33">33</xref>]. </p>
        <p>A second stream emphasizes where confidence comes from. Social cognitive theory posits four primary sources of efficacy beliefs: mastery experiences, vicarious learning, verbal persuasion, and physiological states [<xref ref-type="bibr" rid="B31">31</xref>]. In enterprise programs, these map directly to hands-on simulation and feedback (mastery), modeling via worked examples, explicit policy/process messaging, and fatigue-aware delivery. Consistent with this account, studies show that training may raise security self-efficacy and improve certain protective behaviors, although gains are uneven and can be offset by overconfidence when task demands or cue complexity are high [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. Evidence from printed-email and lab paradigms further indicates that participants can report high confidence while misclassifying phish at meaningful rates, highlighting the risk of miscalibrated confidence [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. </p>
        <p>Finally, research on confidence calibration suggests that motivational self-enhancement and perceived competence in a domain can inflate confidence beyond performance, producing systematic errors under uncertainty [<xref ref-type="bibr" rid="B32">32</xref>][<xref ref-type="bibr" rid="B35">35</xref>]. In email triage, brand familiarity and routine exposure may create an “illusion of validity,” encouraging peripheral processing of polished impostors and premature action [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B36">36</xref>][<xref ref-type="bibr" rid="B37">37</xref>]. Together, these strands motivate our focus on trainable levers (email comfort, Internet problem-solving, cue knowledge) and routinized safeguards (cue-checking, sanctioned confirmation pathways) as mechanisms for improving confidence and calibration in operational settings, with retrospective detection confidence analyzed as the proximal judgment that links these levers to behavior [<xref ref-type="bibr" rid="B9">9</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B32">32</xref>][<xref ref-type="bibr" rid="B33">33</xref>]. </p>
      </sec>
      <sec id="sec2dot3">
        <title>2.3. Technology Comfort and Cue Knowledge</title>
        <p>In practice, detection improves when users are comfortable with the medium and know exactly what to look for. Consistent with prior work, technology comfort, routine facility with mail clients, and basic web problem-solving matter most when inbox load and time pressure push users toward peripheral judgments [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B25">25</xref>]. Simply handling more messages is not protective; higher volume can increase haste and appearance-based responding. What differentiates detectors in operational settings is that comfort translates into habitual indicator inspection before action (sender anomalies, display vs. destination URL, unexpected attachments) rather than relying on visual polish or brand familiarity [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B25">25</xref>]. </p>
        <p>Comfort alone is insufficient without cue knowledge. Foundational HCI/IS studies show that small URL/domain manipulations, spoofed sender presentation, and polished brand impersonation reliably elicit compliance unless users actively interrogate indicators [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. Eye-tracking and decision-process work further show detectors attend to diagnostic regions (headers, links), while victims overemphasize global appearance—precisely the failure mode attackers design for [<xref ref-type="bibr" rid="B26">26</xref>][<xref ref-type="bibr" rid="B29">29</xref>]. Prior findings also distinguish knowing that “phishing exists” from knowing which cues distinguish legitimate from deceptive messages at decision time; the latter predicts avoidance, the former does not [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B19">19</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B27">27</xref>]. </p>
        <p>Tool assistance helps but does not remove the need for internalized schemas. Filters and toolbars reduce some threats, yet are inconsistently heeded and can be bypassed by high-fidelity spoofs, leaving human indicator checking decisive at the moment of choice [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B24">24</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. Training that explicitly rehearses cue identification and verification (hover links, inspect headers, and when uncertainty persists, use a sanctioned confirmation path) improves discrimination for many users, though gains decay without reinforcement; critically, some users retain high confidence while misclassifying sophisticated phish, underscoring the need to calibrate confidence, not merely increase it [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B24">24</xref>]. </p>
        <p>Consistent with the trusted-path framework described above, two organizational levers are particularly salient: 1) increasing email fluency and web problem-solving capability so that diagnostic indicators are accessed efficiently under workload constraints, and 2) making cue schemas explicit and sufficiently rehearsed to support automatic retrieval at the point of decision. When uncertainty persists, routinized use of sanctioned confirmation channels shifts users away from in-thread replies—an attacker-favored pathway—toward independently sourced verification, a pattern repeatedly observed among detectors in prior work [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B23">23</xref>][<xref ref-type="bibr" rid="B25">25</xref>].</p>
      </sec>
      <sec id="sec2dot4">
        <title>2.4. Behavioral Safeguards</title>
        <p>When a suspicious message bypasses technical controls, safer decision pathways involve exiting the attacker-controlled communication thread and returning to an independently authenticated channel. Prior work characterizes initial triage as a deliberate inspection of diagnostic indicators rather than reliance on visual polish or brand familiarity. Diagnostic behaviors documented in the literature include expanding headers, comparing display names to underlying sender addresses, examining display versus destination URLs, and treating unexpected attachments or urgency framing as potential risk signals. Empirical studies show that minor domain manipulations and high-fidelity visual impersonation reliably elicit compliance unless users slow processing and interrogate indicators [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. Eye-tracking and decision-process research further demonstrate that detectors allocate attention to diagnostic regions (e.g., headers and links), whereas victims disproportionately attend to global appearance cues [<xref ref-type="bibr" rid="B27">27</xref>][<xref ref-type="bibr" rid="B29">29</xref>]. </p>
        <p>When uncertainty persists, confirmation behavior becomes critical. Research consistently distinguishes in-thread confirmation—replying within the same email chain or clicking embedded links—from independently sourced verification. The latter involves switching media or channel (e.g., opening a ticket, calling a directory-listed extension, or contacting the purported sender through an independently obtained address) and restores what prior models describe as a trusted path [<xref ref-type="bibr" rid="B13">13</xref>]. Within Grazioli’s multi-stage framework, this behavior reflects the hypothesis-testing phase, where outcomes depend on both the quality of evidence sought and the richness of the channel used to obtain it [<xref ref-type="bibr" rid="B27">27</xref>][<xref ref-type="bibr" rid="B28">28</xref>]. </p>
        <p>Effective verification addresses both identity validation and alignment with established organizational processes before the execution of sensitive actions such as credential submission, payment authorization, or data disclosure. Studies indicate that structured indicator inspection combined with out-of-thread confirmation reduces deception success rates, particularly under workload conditions [<xref ref-type="bibr" rid="B12">12</xref>][<xref ref-type="bibr" rid="B27">27</xref>]. Checklist-based reinforcement and embedded cues within mail clients have been shown to improve retrieval of verification steps under time pressure and may mitigate overconfidence effects observed with high-fidelity spoofs [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. </p>
        <p>Tool assistance reduces exposure but does not eliminate the need for user judgment. Security toolbars and filters decrease threat prevalence; however, users frequently overlook or discount visual indicators, particularly when message realism is high [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. Across studies, detectors consistently combine indicator inspection with sanctioned confirmation channels, whereas victims are more likely to reply in-thread or act without independent verification [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B23">23</xref>][<xref ref-type="bibr" rid="B27">27</xref>][<xref ref-type="bibr" rid="B29">29</xref>]. </p>
      </sec>
      <sec id="sec2dot5">
        <title>2.5. Personality Factors</title>
        <p>Personality differences shape how people approach uncertainty and social requests, so it is unsurprising that Big Five traits show modest but systematic associations with phishing judgments [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B38">38</xref>]. Conscientiousness and emotional stability are typically linked to more deliberate, cue-analytic processing (checking headers/URLs, pausing under time pressure), whereas agreeableness, extraversion, and openness can, in certain framings, increase willingness to engage or comply (e.g., helpfulness to “urgent” requests, social reciprocity, curiosity to “learn more”) [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B38">38</xref>]. These effects are consistently smaller than skill/knowledge effects and can invert when urgency, authority, or workload pushes users toward peripheral processing [<xref ref-type="bibr" rid="B25">25</xref>]. </p>
        <p>These findings align with prior work indicating that personality traits exert smaller and more context-dependent effects on phishing judgments relative to task-relevant skills and knowledge. Emotional stability (low neuroticism) and openness contribute at secondary magnitudes to detection confidence once core, trainable levers—email comfort, perceived Internet proficiency, and Self-Reported Phishing-Cue Knowledge—are included [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B25">25</xref>]. Mechanistically, dispositional calm may support hypothesis testing following suspicion activation, whereas openness may either facilitate cue exploration or, under high-fidelity impersonation, increase exploratory interaction when diagnostic schemas are not salient [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B25">25</xref>].</p>
        <p>Overall, personality appears to influence processing tendencies under uncertainty but accounts for substantially less variance in detection confidence than capability- and knowledge-based predictors. Consistent with the broader literature, dispositional traits shape how users approach ambiguous requests, whereas fluency and cue knowledge more directly determine confidence judgments in operational email contexts [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B38">38</xref>]. </p>
        <p>Ethical considerations also arise when incorporating personality insights into organizational security design. Prior research cautions against profiling or individualized punitive controls and instead emphasizes the importance of universal safeguards that support consistent protective behavior across user types [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>]. In this context, environmental and workflow-based interventions are positioned as structural supports that mitigate dispositional risk without targeting individuals directly. </p>
      </sec>
      <sec id="sec2dot6">
        <title>2.6. Gap and Approach</title>
        <p>Despite extensive work on phishing deception and user decisions, three gaps remain salient. First, most studies emphasize post-exposure susceptibility or printed/lab judgments and give limited attention to the belief state that governs behavior at the moment of choice—retrospective detection confidence (RDC) [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. Related streams document cue effects and dual-process dynamics but typically stop short of modeling confidence as the proximal mechanism that determines whether users slow down, interrogate indicators, or seek confirmation [<xref ref-type="bibr" rid="B25">25</xref>]-[<xref ref-type="bibr" rid="B27">27</xref>]. Second, confirmation behavior is often discussed qualitatively but rarely operationalized as a measurable safeguard (channel choice/time-to-verification) in concert with cue use; yet detectors in field contexts reliably exit the attacker’s lane and switch media when uncertain [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B27">27</xref>]. Third, many findings derive from student or convenience samples and single-cue or single-principle stimuli, limiting external validity for enterprise inboxes where workload, polished impersonation, and organizational workflow shape decisions [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B22">22</xref>]. </p>
        <p>This study addresses these gaps directly. Detection confidence is treated as a task-focused belief state aligned with self-efficacy and is modeled as the proximal driver of triage behavior under routine constraints (load, deadlines, social pressure) [<xref ref-type="bibr" rid="B6">6</xref>]-[<xref ref-type="bibr" rid="B8">8</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. Cue knowledge is paired with routinized behavioral safeguards by measuring both indicators use (e.g., header and URL checks) and sanctioned confirmation channel use, linking them to confidence rather than only to accuracy [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B27">27</xref>]. To strengthen ecological validity, the sample comprises a professional U.S. defense-industry cohort (N = 97) whose daily work involves high-stakes communications and mandatory training, rather than lab volunteers evaluating static printouts [<xref ref-type="bibr" rid="B1">1</xref>]-[<xref ref-type="bibr" rid="B3">3</xref>]. </p>
        <p>The predictor set is compact and explicitly trainable: technology comfort (email comfort, perceived Internet proficiency), Self-Reported Phishing-Cue Knowled ge, cue-checking frequency, sanctioned confirmation use, and Big Five traits as secondary dispositions [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B39">39</xref>]. Standardized OLS models with block entry (first skills and knowledge, then behaviors, then personality) are estimated; multicollinearity checks and robustness diagnostics are reported, and interpretation emphasizes rank-ordered contributions to confidence rather than omnibus fit alone [<xref ref-type="bibr" rid="B9">9</xref>]. The design maps cleanly to enterprise levers (training content, workflow nudges, tool cues) and avoids over-reliance on demographic moderators not used in the models. </p>
        <p>Conceptually, the paper advances a confidence-mediated account of phishing decisions that integrates cue schemas and confirmation behavior within established deception models [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B27">27</xref>]. Practically, it delivers a prioritized, actionable set of drivers—email fluency, Internet problem-solving, and cue knowledge—that explains the bulk of variance in detection confidence, with personality playing a smaller role. Program guidance follows directly: teach indicators, rehearse out-of-thread verification, and instrument workflows to make the safer action the easier action in real inboxes [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. </p>
      </sec>
    </sec>
    <sec id="sec3">
      <title>3. Methods</title>
      <sec id="sec3dot1">
        <title>3.1. Participants and Context</title>
        <p>The sample comprised N = 97 full-time employees of a U.S. Department of Defense (DoD) contractor drawn from the firm’s Lynchburg, Virginia division. This unit is predominantly technical: respondents included engineers and systems architects from associate through senior levels whose daily work involves high-stakes communication, change control, and adherence to formal security workflows. The organization conducts periodic phishing simulations and mandatory cybersecurity training; recruitment for the present study followed immediately after one such simulation featuring an authority-themed ACH/EFT direct-deposit confirmation email. Positioning the survey at this moment ensured that judgments referenced a concrete, recent inbox event rather than abstract scenarios, improving ecological validity relative to typical student/convenience samples reported in the literature [<xref ref-type="bibr" rid="B1">1</xref>]-[<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B25">25</xref>]. Data were collected online in Summer 2022. Participation was voluntary and anonymous, and all outreach occurred after the employer’s exercise concluded to minimize any perception of employment pressure. While access relied on convenience sampling, the professional, technical cohort aligns the study context with enterprise environments emphasized by organizational reporting and usable-security research [<xref ref-type="bibr" rid="B1">1</xref>]-[<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B25">25</xref>].</p>
        <p>Sampling Transparency. The survey was distributed to 114 engineering employees within the selected division. Of these, 98 agreed to participate (85.96% response rate), and 97 completed responses were retained for analysis. Participation was voluntary and anonymous. Inclusion criteria consisted of full-time employees within the targeted engineering division; employees under the age of 18 were excluded. A convenience sampling approach was used due to the researcher’s access to the organization. Only completed surveys were included in the final analytic dataset; no imputation procedures were applied. </p>
      </sec>
      <sec id="sec3dot2">
        <title>3.2. Measures</title>
        <p>All measures were administered online using 5-point Likert-type scales unless noted. Items were written in plain, work-proximal language and anchored to email triage or web problem-solving to maximize face validity for a professional audience. Multi-item indices were computed as means so higher scores reflect “more” of the construct. Scale quality met accepted standards for social-science work: the administered battery yielded post hoc <italic>α</italic> = 0.753, and construct-level reliability for composites is reported with descriptives in <bold>Table 1</bold> [<xref ref-type="bibr" rid="B31">31</xref>][<xref ref-type="bibr" rid="B39">39</xref>]. </p>
        <p>Outcome (Retrospective Detection Confidence; Frame Variants). The primary outcome was retrospective detection confidence (RDC), defined as respondents’ judgmental confidence regarding phishing-detection decisions. RDC was operationalized in four analytic “frames” to distinguish stimulus-anchored confidence from generalized detection confidence. The Specific Email frame (stimulus-anchored RDC) was computed as the mean of four items (Q26, Q28, Q29, Q31; 1 - 5 scale) referencing the embedded organizational phishing simulation email (e.g., “Upon receiving the email below, I was confident in my decision process”). This four-item composite demonstrated acceptable internal consistency (<italic>α</italic> = 0.753). </p>
        <p>In addition, three single-item generalized confidence indicators were analyzed separately: confidence detecting phishing emails, confidence detecting deceitful emails, and confidence detecting cybercrime-related emails (each 1 - 5 scale). These items were modeled independently and are referred to as the Phishing, Deceitful, and Cybercrime frames in the Results. For multi-item composites, scores were computed as arithmetic means. Higher values reflect greater retrospective detection confidence. No reverse coding was required. </p>
        <p>Primary trainable predictors (skills and knowledge). Consistent with the study’s emphasis on actionable levers, we captured 1) Email Comfort via a single face-valid item (“I am comfortable using email,” Q30; 1 - 5); 2) Perceived Internet Proficiency (“How proficient are you at using the internet?” Q14; 1 - 5); 3) Self-Reported Phishing-Cue Knowledge (“I am knowledgeable about phishing emails,” Q15; 1 - 5); and 4) Cue-Checking Frequency (“I inspect emails for phishing cues…,” Q25; 1 - 5, from All the time to Never). The cue knowledge item reflects perceived knowledge of diagnostic phishing indicators rather than objective performance on cue-identification tasks. Together, these variables operationalize self-perceived capability and routine behaviors commonly associated with analytic processing and accurate discrimination in prior work [<xref ref-type="bibr" rid="B3">3</xref>][<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>][<xref ref-type="bibr" rid="B14">14</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B30">30</xref>]. </p>
        <p>Behavioral safeguards (confirmation). To index routinized verification, the survey assessed the likelihood of using sanctioned confirmation channels when uncertain (“How likely are you to ask someone for their opinion…,” Q21; 1 - 5), followed by channel selection (face-to-face, telephone, IM, email; Q22), confidence in the consulted party (Q23), and influence on the final decision (Q24). The likelihood item (Q21) captures the stated intent to use a sanctioned confirmation channel. However, the primary safeguard predictor entered in the main models is Q24 (“The consulted opinion impacted my decision”), as it reflects enacted confirmation influence rather than stated likelihood. Channel-selection details (Q22 - Q23) support descriptives and robustness checks consistent with confirmation constructs in Grazioli and Alseadoon [<xref ref-type="bibr" rid="B13">13</xref>][<xref ref-type="bibr" rid="B23">23</xref>][<xref ref-type="bibr" rid="B27">27</xref>][<xref ref-type="bibr" rid="B28">28</xref>]. </p>
        <p>Personality (dispositional controls). Given modest but reliable links between disposition and phishing responses, we included single-item Big Five indicators adapted for brevity in an enterprise setting: Emotional Stability (“I remain calm in stressful situations,” Q1), Agreeableness (Q2), Extraversion (Q3), Openness (Q4), and Conscientiousness (Q5), each on 1 - 5 scales [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B39">39</xref>][<xref ref-type="bibr" rid="B40">40</xref>]. Personality is modeled as secondary to trainable skills/knowledge but provides controls for cautiousness versus engagement tendencies. </p>
        <p>Experience and exposure (contextual controls). Contextual variables recorded years of email use (Q7), email load as typical daily volume (Q9), years of internet experience (Q13), and years of work experience (Q16), all in ordered categories. To represent training/priming, we captured counts of social-engineering, cybersecurity, and phishing-specific trainings (Q6, Q10, Q11; 1 - 5 each) plus training frequency (Q12). The three count items are averaged into a Training Volume index used in robustness checks and descriptives [<xref ref-type="bibr" rid="B7">7</xref>][<xref ref-type="bibr" rid="B8">8</xref>][<xref ref-type="bibr" rid="B17">17</xref>][<xref ref-type="bibr" rid="B22">22</xref>]. Prior exposure was measured with self-victimization frequency (Q17) and social exposure (Q18 - Q19), given evidence that such experiences shift cue attention and confidence calibration [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. </p>
        <p>Cue-process indicators (SRQ2). Finally, to characterize the immediate decision process for the embedded stimulus, respondents indicated which elements they checked (sender address, subject, body, hyperlink, none; Q32), the order of inspection (Q33), and the action after the first check (inspect more, delete, ignore, report, respond; Q34). These items map onto activation towards hypothesis generation/testing sequences emphasized in deception models and email-specific adaptations [<xref ref-type="bibr" rid="B22">22</xref>][<xref ref-type="bibr" rid="B27">27</xref>][<xref ref-type="bibr" rid="B28">28</xref>]. For parsimony in the main OLS models, cue-checking frequency (Q25) is the process variable entered; SRQ2 items inform process descriptives and sensitivity analyses. </p>
        <p>Because cue knowledge was measured via self-assessment rather than objective cue-identification testing, estimates may reflect perceived competence rather than demonstrated discrimination accuracy. Self-reported capability measures are subject to common-method variance and potential overconfidence bias, particularly in security contexts where respondents may overestimate their detection skills [<xref ref-type="bibr" rid="B32">32</xref>][<xref ref-type="bibr" rid="B34">34</xref>]. Accordingly, findings should be interpreted as associations between perceived cue knowledge and confidence rather than objective performance. </p>
        <p>Scoring and Coding. All Likert-type items were coded on 1 - 5 scales. For most constructs, higher values reflect greater levels of the construct, including greater email comfort, greater cue-checking frequency, and greater retrospective detection confidence. Interpretation of descriptive statistics and model coefficients follows this general directionality unless otherwise noted. </p>
        <p>Perceived Internet Proficiency (Q14) was coded 1 = Very proficient to 5 = Very un-proficient; therefore, lower numeric values indicate higher proficiency. Cue-Checking Frequency (Q25) was coded 1 = All the time to 5 = Never, such that lower values represent more frequent cue inspection. Confirmation Likelihood (Q21) was coded 1 = Very likely to 5 = Very unlikely, meaning lower values reflect a greater likelihood of using a sanctioned confirmation channel. Correlation signs and regression coefficients reflect these coding directions. </p>
        <p>Multi-item composites, including the stimulus-anchored RDC and Training Volume indices, were computed as arithmetic means of their constituent items. No items were reverse scored. Internal consistency estimates and zero-order intercorrelations are reported in <bold>Table 1</bold>. The modeling strategy (standardized OLS with block entry; multicollinearity and robustness checks) is described in Section 3.4 and implemented in Results [<xref ref-type="bibr" rid="B5">5</xref>][<xref ref-type="bibr" rid="B9">9</xref>][<xref ref-type="bibr" rid="B25">25</xref>][<xref ref-type="bibr" rid="B32">32</xref>]. </p>
      </sec>
      <sec id="sec3dot3">
        <title>3.3. Procedures</title>
        <p>Data collection was conducted in Summer 2022 via a short online survey administered a few days after the organization’s routine phishing simulation concluded. This timing anchored respondents’ judgments in a realistic, recent inbox event while clearly separating the research from the employer’s internal exercise to avoid any perception of required participation. The email invitation described the study purpose and linked to an information/consent page outlining risks, benefits, voluntariness, and data handling; only after affirmative consent could participants proceed. </p>
        <p>The instrument followed a fixed sequence to minimize construct carryover: user characteristics and experience (email, Internet, work), training/priming (counts and frequency), self-reported phishing-cue knowledge and cue-checking frequency, likelihood of using sanctioned confirmation channels with brief follow-ups on channel type and influence, personality indicators, and finally the retrospective detection confidence items anchored to the organization’s example email. Items used neutral wording and concrete examples to reduce demand characteristics; the embedded email served solely as a shared reference point for the confidence judgments. </p>
        <p>Participation was voluntary and uncompensated. The survey platform limited responses to one per participant, captured no personally identifying information, and did not retain IP addresses or device fingerprints. Responses were automatically coded and exported to an analysis dataset with anonymous case identifiers. Raw data access was restricted to the research team; de-identified data are stored on encrypted media with access controls and are retained for at least five years under institutional policy. The study protocol received ethics approval from the New Jersey City University Institutional Review Board, and all procedures conformed to applicable human-subjects protections. </p>
      </sec>
      <sec id="sec3dot4">
        <title>3.4. Analysis Plan</title>
        <p>Analyses were pre-specified to estimate the unique contribution of actionable factors to retrospective detection confidence (RDC) and to present effect sizes on a common scale. Ordinary least squares models were estimated with standardized coefficients so that magnitudes are directly comparable across predictors. Predictors were block-entered to reflect the theoretical ordering used throughout this work and the practical emphasis on trainable levers: Block 1 included skills/knowledge variables (Email Comfort, Perceived Internet Proficiency, Self-Reported Phishing-Cue Knowledge, Cue-Checking Frequency); Block 2 added the behavioral safeguard, operationalized as confirmation influence (Q24: “the consulted opinion impacted my decision”), reflecting enacted confirmation rather than stated likelihood; Block 3 added dispositional controls (single-item Big Five indicators). Contextual covariates (years of email use, daily email volume, years of Internet use, years of work experience) and a Training Volume index (mean of social engineering, cybersecurity, and phishing-specific training counts) were summarized descriptively and then introduced in robustness specifications to verify that the rank ordering of the core effects was not an artifact of omitted experience or training variance. </p>
        <p>Composite scores were computed as means of their constituent items (e.g., RDC from Q26, Q28, Q29, Q31). Unless otherwise noted, higher scores reflect more of the construct. Descriptive statistics (means and standard deviations), internal consistency for multi-item composites (post hoc <italic>α</italic> = 0.753), and zero-order correlations are reported with the Results to provide a transparent view of scale quality and associations prior to modeling. </p>
        <p>Model diagnostics were conducted for every specification. Multicollinearity was assessed via variance inflation factors (target VIF &lt; 5), with condition indices inspected when VIFs approached common thresholds. Residual diagnostics included component-plus-residual plots for linearity and additivity, Q-Q plots for normality, and Breusch–Pagan/White tests for heteroskedasticity. Where heteroskedasticity was indicated, heteroskedasticity-consistent standard errors (HC3) were reported without altering point estimates. Influence and stability were evaluated using leverage, studentized residuals, and Cook’s distance; sensitivity analyses re-estimated models after excluding any cases exceeding conventional influence cutoffs to confirm that substantive conclusions were unchanged. </p>
        <p>Because item-level missingness was minimal, listwise deletion was used for the main models. A sensitivity check using mean-imputed composites produced substantively identical results and is omitted for brevity. Additional sensitivity analyses 1) dichotomized the confirmation likelihood at “Likely/Very likely” and re-estimated the Block 2 effect, and 2) added the Training Volume index and contextual covariates as a final block; in both cases, the ordering and interpretation of the core skills/knowledge and safeguard effects remained stable. </p>
        <p>Main findings are presented as standardized coefficients with 95% confidence intervals. Complete item wording, coding rules, alternative model specifications (e.g., training-volume substitutions, exclusion of single-item predictors), and full coefficient tables with diagnostics are available from the authors upon reasonable request. This completes the Method. The next section proceeds to the empirical results, first the descriptives and reliability, then the block-entered OLS models and robustness checks, followed by a Discussion that interprets the rank-ordered predictors for theory and program design. </p>
      </sec>
    </sec>
    <sec id="sec4">
      <title>4. Results</title>
      <p>RDC was computed as a four-item mean composite and showed acceptable internal consistency (<italic>α</italic> = 0.753; <bold>Table 1</bold>). Descriptively, the sample reported high email comfort (M ≈ 1.4) and high perceived Internet proficiency (M ≈ 1.5), alongside frequent cue inspection (M ≈ 1.54). Zero-order associations with RDC concentrated in three trainable factors (<bold>Table 1</bold>): Email Comfort correlated positively across frames (r ≈ 0.38 - 0.50); Perceived Internet Proficiency tracked with RDC (scale coded 1 = very proficient to 5 = very un-proficient; r ≈ −0.40 for the single-stimulus frame and ≈ 0.41 - 0.49 in the other frames as reported); and Self-Reported Phishing-Cue Knowledge showed the largest positive bivariate relations for phishing, deceitful email, and cybercrime (r ≈ 0.60, 0.50, 0.55). Cue-checking frequency was small and frame-dependent (n.s. for the single-stimulus frame; r ≈ 0.21 - 0.24 otherwise). Confirmation items were weakly positive in bivariate terms, with “the consulted opinion impacted my decision” the strongest of the three (r ≈ 0.22 - 0.36). Personality indicators were secondary: Emotional Stability and Openness correlated weakly and positively with RDC; Extraversion showed a single positive relation in the specific-email frame; Agreeableness and Conscientiousness were near zero. Years-based experience measures (email, Internet, work) were negligible or inconsistent. </p>
      <p><bold>Table 1.</bold>Descriptives, reliability, and zero-order correlations with RDC (by frame).</p>
      <table-wrap id="tbl1">
        <label>Table 1</label>
        <table>
          <tbody>
            <tr>
              <td>Measure</td>
              <td>Mean</td>
              <td>
                <italic>α</italic>
                /Items
              </td>
              <td>r (RDC: Specific Email)</td>
              <td>r (RDC: Phishing)</td>
              <td>r (RDC: Deceitful)</td>
              <td>r (RDC: Cybercrime)</td>
            </tr>
            <tr>
              <td>Retrospective Detection Confidence (RDC)</td>
              <td>1.90</td>
              <td>
                <italic>α</italic>
                = 0.753/4
              </td>
              <td>
              </td>
              <td>
              </td>
              <td>
              </td>
              <td>
              </td>
            </tr>
            <tr>
              <td>Email Comfort</td>
              <td>1.40</td>
              <td>—</td>
              <td>0.384</td>
              <td>0.487</td>
              <td>0.493</td>
              <td>0.498</td>
            </tr>
            <tr>
              <td>Perceived Internet Proficiency*</td>
              <td>1.50</td>
              <td>—</td>
              <td>−0.404</td>
              <td>0.485</td>
              <td>0.460</td>
              <td>0.411</td>
            </tr>
            <tr>
              <td>Self-Reported Phishing-Cue Knowledge</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>0.600</td>
              <td>0.496</td>
              <td>0.547</td>
            </tr>
            <tr>
              <td>Cue-Checking Frequency</td>
              <td>1.54</td>
              <td>—</td>
              <td>n.s.</td>
              <td>0.210</td>
              <td>n.s.</td>
              <td>0.238</td>
            </tr>
            <tr>
              <td>Confirmation: Opinion Impacted Decision</td>
              <td>2.10</td>
              <td>—</td>
              <td>0.358</td>
              <td>0.220</td>
              <td>0.216</td>
              <td>0.357</td>
            </tr>
            <tr>
              <td>Personality: Emotional Stability</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>0.348</td>
              <td>0.288</td>
              <td>0.319</td>
            </tr>
            <tr>
              <td>Personality: Openness</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>0.221</td>
              <td>0.227</td>
              <td>0.313</td>
            </tr>
            <tr>
              <td>Personality: Extraversion</td>
              <td>—</td>
              <td>—</td>
              <td>0.246</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
            </tr>
            <tr>
              <td>Personality: Agreeableness</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>—</td>
              <td>0.194</td>
            </tr>
          </tbody>
        </table>
      </table-wrap>
      <p>Notes. SD intentionally omitted to keep the main table compact; <italic>α</italic> shown for RDC composite (<italic>α</italic> = 0.753). Perceived Internet Proficiency coded 1 = very proficient to 5 = very unproficient; signs reflect coding. Detailed descriptives and diagnostics are available from the authors upon request. </p>
      <p>Block-entered OLS models quantified unique contributions by predictor family (<bold>Table 2</bold>). In the skills/knowledge block, Email Comfort was a consistent, sizeable positive predictor: specific email <italic>β</italic> ≈ 0.677, phishing <italic>β</italic> ≈ 0.782, deceitful <italic>β</italic> ≈ 0.676, cybercrime <italic>β</italic> ≈ 0.899. Perceived Internet Proficiency showed similarly robust positive effects across frames (<italic>β</italic> ≈ 0.530, 0.596, 0.514, 0.507). Self-Reported Phishing-Cue Knowledge, operationalized within the priming family, was the dominant content variable for phishing, deceitful email, and cybercrime (<italic>β</italic> ≈ 0.653, 0.512, 0.659). Cue-checking frequency contributed small, frame-specific increments (n.s. for the single-stimulus frame; phishing <italic>β</italic> ≈ 0.217; deceitful n.s.; cybercrime <italic>β</italic> ≈ 0.247). In the behavioral-safeguard family, only “the consulted opinion impacted my decision” reached significance, and only for the specific-email frame (<italic>β</italic> ≈ 0.426); confirmation was n.s. elsewhere. Within personality, Emotional Stability and Openness produced small positive coefficients in several specifications (e.g., deceitful and cybercrime for Emotional Stability; phishing and cybercrime for Openness). Extraversion was isolated to the specific-email frame, and Agreeableness/Conscientiousness remained near zero. Model fit was low to moderate and aligned with expectations about proximal, trainable determinants of confidence: personality-only R<sup>2</sup> ≈ 0.084/0.168/0.123/0.204; email-experience R<sup>2</sup> ≈ 0.160/0.249/ 0.294/0.263; Internet-experience R<sup>2</sup> ≈ 0.165/0.257/0.218/0.183; priming (including cue knowledge) R<sup>2</sup> ≈ 0.091/0.367/0.280/0.323; confirmation R<sup>2</sup> ≈ 0.151/0.081/ 0.115/0.166; cues R<sup>2</sup> ≈ 0.015/0.044/0.018/0.057 (see <bold>Table 2</bold> for the consolidated summary; full coefficient matrices and diagnostics are available from the authors upon request). </p>
      <p><bold>Table 2.</bold>Consolidated OLS summary by predictor family (coefficients as reported; frame: Specific/Phishing/Deceitful/Cybercrime).</p>
      <table-wrap id="tbl2">
        <label>Table 2</label>
        <table>
          <tbody>
            <tr>
              <td>Predictor Family/Term</td>
              <td>Coeff. (Specific)</td>
              <td>Coeff. (Phishing)</td>
              <td>Coeff. (Deceitful)</td>
              <td>Coeff. (Cybercrime)</td>
            </tr>
            <tr>
              <td>Skills &amp; Knowledge → Email Comfort</td>
              <td>0.677 (p &lt; 0.001)</td>
              <td>0.782 (p &lt; 0.001)</td>
              <td>0.676 (p &lt; 0.001)</td>
              <td>0.899 (p &lt; 0.001)</td>
            </tr>
            <tr>
              <td>Skills &amp; Knowledge → Perceived Internet Proficiency</td>
              <td>0.530 (p &lt; 0.001)</td>
              <td>0.596 (p &lt; 0.001)</td>
              <td>0.514 (p &lt; 0.001)</td>
              <td>0.507 (p &lt; 0.001)</td>
            </tr>
            <tr>
              <td>Skills &amp; Knowledge → Self-Reported Phishing-Cue Knowledge</td>
              <td>—</td>
              <td>0.653 (p &lt; 0.001)</td>
              <td>0.512 (p &lt; 0.001)</td>
              <td>0.659 (p &lt; 0.001)</td>
            </tr>
            <tr>
              <td>Skills &amp; Knowledge → Cue-Checking Frequency</td>
              <td>n.s.</td>
              <td>0.217 (p = 0.040)</td>
              <td>n.s.</td>
              <td>0.247 (p = 0.020)</td>
            </tr>
            <tr>
              <td>Behavioral Safeguard → Confirmation: Opinion Impacted Decision</td>
              <td>0.426 (p = 0.023)</td>
              <td>n.s.</td>
              <td>n.s.</td>
              <td>n.s.</td>
            </tr>
            <tr>
              <td>Personality → Emotional Stability</td>
              <td>n.s.</td>
              <td>n.s.</td>
              <td>0.231 (p = 0.018)</td>
              <td>0.238 (p = 0.001)</td>
            </tr>
            <tr>
              <td>Personality → Openness</td>
              <td>n.s.</td>
              <td>0.267 (p = 0.048)</td>
              <td>n.s.</td>
              <td>0.379 (p = 0.001)</td>
            </tr>
            <tr>
              <td>Personality → Extraversion</td>
              <td>0.266 (p = 0.025)</td>
              <td>n.s.</td>
              <td>n.s.</td>
              <td>n.s.</td>
            </tr>
            <tr>
              <td>Personality → Agreeableness/Conscientiousness</td>
              <td>n.s.</td>
              <td>n.s.</td>
              <td>n.s.</td>
              <td>n.s.</td>
            </tr>
            <tr>
              <td>
                Model R
                <sup>2</sup>
                → Personality block
              </td>
              <td>0.084</td>
              <td>0.168</td>
              <td>0.123</td>
              <td>0.204</td>
            </tr>
            <tr>
              <td>
                Model R
                <sup>2</sup>
                → Email experience block
              </td>
              <td>0.160</td>
              <td>0.249</td>
              <td>0.294</td>
              <td>0.263</td>
            </tr>
            <tr>
              <td>
                Model R
                <sup>2</sup>
                → Internet experience block
              </td>
              <td>0.165</td>
              <td>0.257</td>
              <td>0.218</td>
              <td>0.183</td>
            </tr>
            <tr>
              <td>
                Model R
                <sup>2</sup>
                → Confirmation block
              </td>
              <td>0.151</td>
              <td>0.081</td>
              <td>0.115</td>
              <td>0.166</td>
            </tr>
            <tr>
              <td>
                Model R
                <sup>2</sup>
                → Priming (incl. Cue Knowledge)
              </td>
              <td>—</td>
              <td>0.367</td>
              <td>0.280</td>
              <td>0.323</td>
            </tr>
          </tbody>
        </table>
      </table-wrap>
      <p>Notes. Entries reproduce coefficients/R<sup>2</sup> already reported in Chapter 4. Cells marked “—” indicate not estimated in that frame. Full coefficient matrices and diagnostics are available from the authors upon request. </p>
      <p>Robustness checks supported these conclusions. Multicollinearity was acceptable (typical VIFs ≈ 1.0 - 2.0; all &lt;5), and Email Comfort and Perceived Internet Proficiency were empirically separable despite conceptual proximity. Alternative coding (e.g., dichotomizing confirmation as Likely/Very likely vs. other) did not change interpretation. Adding contextual covariates (years of email use, daily email volume, years of Internet use, years of work experience) and a Training-Volume index left the signs and relative magnitudes of the core skills/knowledge effects intact; in contrast, generic training volume was weakly or negatively related to RDC in bivariate views while cue knowledge remained positive. Assumption checks (linearity/additivity via component-plus-residuals; normality via Q-Q) were acceptable; HC3 standard errors addressed occasional heteroskedasticity without affecting point estimates. Influence statistics (leverage, studentized residuals, Cook’s distance) revealed no cases that altered inference; exclusions beyond conventional thresholds left magnitudes and signs stable. Missingness was minimal; mean-imputed composites reproduced listwise-deletion results; detailed diagnostics are available from the authors upon request. </p>
      <p>Substantively, RDC is primarily a function of trainable capability and knowledge rather than tenure or disposition. Email fluency and general Internet problem-solving, together with explicit knowledge of diagnostic phishing cues, account for most of the predictable variance; habitual cue-checking adds a smaller, frame-specific increment; sanctioned confirmation appears behaviorally protective but is not a strong determinant of reported confidence; personality contributes only secondary variance. These results justify programs that prioritize hands-on practice to increase email fluency and web problem-solving, explicit instruction and rehearsal of cue schemas, and low-friction out-of-thread confirmation pathways, while de-emphasizing years-based tenure as a proxy for confidence-relevant skill. </p>
    </sec>
    <sec id="sec5">
      <title>5. Discussion and Implications</title>
      <p>The core finding is that retrospective detection confidence (RDC) is chiefly a function of trainable capability and knowledge rather than tenure or broad exposure. Mathematically, this is evidenced by large, standardized coefficients (<italic>β</italic>) for three predictors across frames: Email Comfort, Perceived Internet Proficiency, and Self-Reported Phishing-Cue Knowledge, with <italic>β</italic> estimates commonly in the 0.50 - 0.90 range (<bold>Table 2</bold>) and correspondingly moderate R<sup>2</sup> at the family level (<bold>Table 2</bold>) despite parsimonious models. These results indicate that detection confidence is most strongly associated with fluency in email tools, perceived Internet problem-solving capability, and explicit knowledge of diagnostic phishing cues. The pattern suggests that transferable skill and cue-schema mastery, rather than accumulated tenure, are the primary determinants of confidence in operational phishing judgments. </p>
      <p>The skills/knowledge block consistently dominated. For example, Email Comfort and Internet Proficiency produce <italic>β</italic>’s that would be interpreted as large effects in social science conventions (|<italic>β</italic>| ≳ 0.50), meaning a one-SD increase in these variables is associated with roughly half to nearly one SD increase in RDC, holding other variables constant. Self-Reported Phishing-Cue Knowledge contributes moderate, positive coefficients across multi-item frames, confirming that explicit cue schemas carry incremental explanatory power beyond general comfort/proficiency. Operational fluency with email clients and general web problem-solving proficiency account for substantial variance in detection confidence. Explicit knowledge of phishing indicators, such as sender/address alignment, link target versus display text discrepancies, and attachment expectations, provides additional, reliable explanatory power beyond general technical comfort. </p>
      <p>Cue-checking frequency exhibits small, frame-dependent standardized effects (<italic>β</italic> ≈ 0.20 - 0.25 when significant). Although routine inspection contributes incrementally to confidence, its magnitude is substantially lower than that of skill- and knowledge-based predictors. Sanctioned confirmation behavior demonstrates limited independent association with retrospective detection confidence once core capability variables are included, reaching statistical significance in only the stimulus-specific frame. These findings suggest that confirmation operates primarily as a behavioral safeguard rather than as a determinant of confidence per se. </p>
      <p>Personality indicators explain secondary variance. Emotional Stability and Openness show small positive <italic>β</italic>’s in several frames; Extraversion appears once; Agreeableness/Conscientiousness hover near zero. In variance terms, personality-only models yield low R<sup>2</sup> (≈0.08 - 0.20), far less than blocks that include skill/knowledge. Personality traits exert modest and context-dependent effects on detection confidence; however, capability-based predictors account for substantially greater variance in reported confidence levels. Finally, tenure proxies, years of email/Internet/work, are negligible or inconsistent. Statistically, their <italic>β</italic>’s are near zero and frequently non-significant; practically, counting years is a poor proxy for the capabilities that drive confidence. </p>
      <p>These patterns hold under robustness checks. Multicollinearity is modest (VIFs &lt; 5), indicating that Email Comfort and Internet Proficiency, though conceptually related, are empirically separable; heteroskedasticity-robust (HC3) errors do not alter point estimates; influence diagnostics show no leverage points that change inference; alternative codings of confirmation and the addition of contextual covariates leave signs and magnitudes essentially unchanged. The relative ordering of predictors remains stable across alternative model specifications, robustness checks, and diagnostic adjustments, indicating that the observed effects are not artifacts of estimation procedures. </p>
      <p>Programmatically, the implications are direct. First, train to fluency: brief, hands-on repetitions in the actual mail client and browser, hover, expand headers, compare sender identity to address, and evaluate link targets, shift the constructs that mathematically move confidence the most. Second, rehearse explicit cue schemas so they are retrieved under load; treating “cue knowledge” as a practiced checklist aligns with the moderate <italic>β</italic>’s observed for Self-Reported Phishing-Cue Knowledge. Third, instrument low-friction confirmation for when cues conflict, one-click ticketing, no-reply banners, directory lookups, but recognize that this chiefly improves behavioral safety rather than raw confidence. Fourth, de-emphasize generic training volume and years-based metrics as KPIs for confidence; the math shows they do not predict RDC once fluency and cue schemas are accounted for. Finally, monitor calibration: track time-to-verification and channel choice alongside accuracy to identify pockets of high confidence/low discrimination, a risk pattern consistent with the literature and implied by our ordering effect. </p>
    </sec>
    <sec id="sec6">
      <title>6. Limitations and Future Work</title>
      <p>This study has several limitations that bound inference and generalizability. First, the sample comprises a single-site, professional cohort of DoD engineers (N = 97) responding to an authority-framed stimulus; both the organizational context and persuasion principle may constrain external validity to other sectors, roles, or attack framings. Second, several constructs relied on single-item indicators for field feasibility, which caps reliability and likely attenuates true effects; although internal consistency for the RDC composite was acceptable (<italic>α</italic> = 0.753), measurement error in predictors probably biases coefficients toward zero, a pattern consistent with established psychometric and attenuation principles in scale development research [<xref ref-type="bibr" rid="B41">41</xref>][<xref ref-type="bibr" rid="B42">42</xref>]. Third, the design is cross-sectional and retrospective, introducing potential recall bias, social desirability, and common-method variance; despite robustness checks, causal direction cannot be asserted. Fourth, mandatory security training and engineering workload may induce range restriction (e.g., uniformly high fluency), suppressing variance in key predictors and limiting detection of moderation by workload or role. Fifth, nonresponse and survivorship effects are possible (e.g., security-engaged employees may have been more likely to participate), and demographic covariates were unavailable due to HR constraints, limiting subgroup analyses. Sixth, although the study models predictors of retrospective detection confidence (RDC), it does not directly link RDC to observed behavioral outcomes within the same dataset. While process indicators were collected, the present analysis focuses on confidence as a proximal belief state rather than on click, reply, or verification outcomes. As such, conclusions pertain to determinants of confidence rather than demonstrated behavioral protection or calibration. </p>
      <p>Future work should directly link confidence to behavior, pair RDC with telemetry from phishing simulations (click/reply outcomes, time-to-verification, channel choice), and quantify calibration using over/under-confidence indices, Brier scores, and signal-detection measures (d′, c) to identify when confidence is protective versus risky. Causal tests should isolate the top levers via randomized interventions that independently manipulate email-fluency drills, cue-schema rehearsal, and confirmation UX (such as no-reply to banners and one-click ticketing), estimating pre/post changes in standardized coefficients and model fit, with heterogeneity-of-treatment-effect analyses by role and workload. Generalization should be evaluated through multi-site, multi-industry replications that rotate persuasion principles, including urgency/scarcity, reciprocity, and social proof, to test the stability of the observed effect ordering. Measurement should move from single items to short, validated multi-item scales, add prospective confidence alongside RDC, and include demographics to enable moderation tests across experience bands and job families. Process modeling should examine capability/knowledge-to-RDC-to-verification/action pathways using SEM or sequential regression with sensitivity checks for omitted-variable bias. Finally, policy-oriented studies should translate a one–standard-deviation gain in email comfort or cue knowledge into expected reductions in high-risk actions to inform budgeting and governance, while preregistration, de-identified codebooks, and analysis sharing advance transparency and address privacy and fairness concerns when instrumenting inbox workflows at scale. </p>
    </sec>
    <sec id="sec7">
      <title>7. Conclusions</title>
      <p>This study sets out to explain what drives users’ retrospective confidence in phishing detection and, specifically, whether confidence is better explained by who people are, what they know and can do, or how they work through cues in the moment. The results consistently show that confidence is primarily a function of trainable capability and knowledge, not tenure or generic exposure. In standardized models, email fluency (comfort using email), perceived Internet problem-solving proficiency, and explicit Self-Reported Phishing-Cue Knowledge carry the largest coefficients (typically <italic>β</italic> ≈ 0.50 - 0.90 across frames), while cue-checking frequency adds a small, frame-specific increment, and personality contributes secondary variance. Years of email/Internet/work experience and recent training volume do not reliably explain additional confidence once those core levers are included. </p>
      <p>Detection confidence is highest among individuals demonstrating fluency with email tools, proficiency in Internet problem-solving, and explicit knowledge of diagnostic phishing cues. Habitual cue-checking contributes marginally, and personality traits exert smaller, context-dependent effects. Years of experience and generic training volume do not reliably predict confidence once core skill- and knowledge-based variables are included in the model. </p>
      <p>The answer to the primary research question is that retrospective detection confidence is driven primarily by trainable capability variables: email fluency, perceived Internet proficiency, and explicit knowledge of diagnostic phishing cues. Cue-checking behavior contributes a smaller, frame-dependent increment, and personality factors account for secondary variance. Years-based tenure and generic training volume do not reliably explain additional confidence once core skill and knowledge variables are included. </p>
      <p>The answer to Subsidiary Research Question 1 (user characteristics): Among user characteristics, perceived capability matters most. Comfort with email and Internet proficiency show strong, positive effects; certain traits (emotional stability and openness) contribute to smaller, context-dependent boosts; extraversion appears in one frame only; agreeableness and conscientiousness do not matter. Years of experience (email, Internet, work) are negligible or inconsistent predictors of retrospective detection confidence once capability-based variables are included. Overall, the findings suggest that skill fluency and explicit cue knowledge are more reliable determinants of confidence than tenure or generic training exposure. </p>
      <p>The answer to Subsidiary Research Question 2 (cues) is that explicit knowledge of diagnostic phishing indicators is a consistent and meaningful predictor of retrospective detection confidence. Routine cue-checking behavior contributes to a smaller, frame-dependent increment. In contrast, use of a sanctioned confirmation channel, while behaviorally protective, does not independently generate reported confidence once core skill and knowledge variables are included in the model. Only the item capturing whether a consulted opinion substantively influenced the decision reached significance, and only in the stimulus-specific frame. </p>
      <p>From an organizational perspective, these findings suggest prioritizing capability-based interventions over tenure-based metrics. Interventions emphasizing hands-on fluency under realistic workload conditions, explicit cue-schema rehearsal to support automatic retrieval, and friction-reduced out-of-thread verification align with the strongest predictors identified in this study. Evaluation frameworks may benefit from incorporating calibration metrics, such as time-to-verification and channel choice, alongside accuracy to distinguish justified from miscalibrated confidence. Emphasis on demonstrated capability and calibrated confidence may provide more actionable indicators than measures based solely on training volume or years of experience. Under such conditions, detection confidence may function as a protective asset rather than a source of risk within operational email environments.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <title>References</title>
      <ref id="B1">
        <label>1.</label>
        <citation-alternatives>
          <mixed-citation publication-type="report">Verizon (2025) 2025 Data Breach Investigations Report (DBIR). Verizon. https://www.verizon.com/business/resources/reports/dbir/</mixed-citation>
          <element-citation publication-type="report">
            <year>2025</year>
            <article-title>2025 Data Breach Investigations Report (DBIR)</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B2">
        <label>2.</label>
        <citation-alternatives>
          <mixed-citation publication-type="report">Anti-Phishing Working Group (APWG) (2025) Phishing Activity Trends Report, 4th Quarter 2024. https://docs.apwg.org/reports/apwg_trends_report_q4_2024.pdf</mixed-citation>
          <element-citation publication-type="report">
            <year>2025</year>
            <article-title>Phishing Activity Trends Report, 4th Quarter 2024</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B3">
        <label>3.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Dhamija, R., Tygar, J.D. and Hearst, M. (2006). Why Phishing Works. <italic>Proceedings of the SIGCHI Conference on Human Factors in Computing Systems</italic>, Montréa, 22-27 April 2006, 581-590. https://doi.org/10.1145/1124772.1124861 <pub-id pub-id-type="doi">10.1145/1124772.1124861</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/1124772.1124861">https://doi.org/10.1145/1124772.1124861</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Dhamija, R.</string-name>
              <string-name>Tygar, J.D.</string-name>
              <string-name>Hearst, M.</string-name>
              <string-name>Systems, M</string-name>
            </person-group>
            <year>2006</year>
            <pub-id pub-id-type="doi">10.1145/1124772.1124861</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B4">
        <label>4.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Jagatic, T.N., Johnson, N.A., Jakobsson, M. and Menczer, F. (2007) Social Phishing. <italic>Communications</italic><italic>of</italic><italic>the</italic><italic>ACM</italic>, 50, 94-100. https://doi.org/10.1145/1290958.1290968 <pub-id pub-id-type="doi">10.1145/1290958.1290968</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/1290958.1290968">https://doi.org/10.1145/1290958.1290968</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Jagatic, T.N.</string-name>
              <string-name>Johnson, N.A.</string-name>
              <string-name>Jakobsson, M.</string-name>
              <string-name>Menczer, F.</string-name>
            </person-group>
            <year>2007</year>
            <article-title>Social Phishing</article-title>
            <source>Communications of the ACM</source>
            <volume>50</volume>
            <pub-id pub-id-type="doi">10.1145/1290958.1290968</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B5">
        <label>5.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Wright, R.T. and Marett, K. (2010) The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived. <italic>Journal</italic><italic>of</italic><italic>Management</italic><italic>Information</italic><italic>Systems</italic>, 27, 273-303. https://doi.org/10.2753/mis0742-1222270111 <pub-id pub-id-type="doi">10.2753/mis0742-1222270111</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.2753/mis0742-1222270111">https://doi.org/10.2753/mis0742-1222270111</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Wright, R.T.</string-name>
              <string-name>Marett, K.</string-name>
            </person-group>
            <year>2010</year>
            <article-title>The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived</article-title>
            <source>Journal of Management Information Systems</source>
            <volume>27</volume>
            <pub-id pub-id-type="doi">10.2753/mis0742-1222270111</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B6">
        <label>6.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Bandura, A., Freeman, W.H. and Lightsey, R. (1999) Self-Efficacy: The Exercise of Control. <italic>Journal</italic><italic>of</italic><italic>Cognitive</italic><italic>Psychotherapy</italic>, 13, 158-166. https://doi.org/10.1891/0889-8391.13.2.158 <pub-id pub-id-type="doi">10.1891/0889-8391.13.2.158</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1891/0889-8391.13.2.158">https://doi.org/10.1891/0889-8391.13.2.158</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Bandura, A.</string-name>
              <string-name>Freeman, W.H.</string-name>
              <string-name>Lightsey, R.</string-name>
            </person-group>
            <year>1999</year>
            <article-title>Self-Efficacy: The Exercise of Control</article-title>
            <source>Journal of Cognitive Psychotherapy</source>
            <volume>13</volume>
            <pub-id pub-id-type="doi">10.1891/0889-8391.13.2.158</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B7">
        <label>7.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Rhee, H., Kim, C. and Ryu, Y.U. (2009) Self-efficacy in Information Security: Its Influence on End Users’ Information Security Practice Behavior. <italic>Computers</italic><italic>&amp;</italic><italic>Security</italic>, 28, 816-826. https://doi.org/10.1016/j.cose.2009.05.008 <pub-id pub-id-type="doi">10.1016/j.cose.2009.05.008</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.cose.2009.05.008">https://doi.org/10.1016/j.cose.2009.05.008</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Rhee, H.</string-name>
              <string-name>Kim, C.</string-name>
              <string-name>Ryu, Y.U.</string-name>
            </person-group>
            <year>2009</year>
            <article-title>Self-efficacy in Information Security: Its Influence on End Users’ Information Security Practice Behavior</article-title>
            <source>Computers &amp; Security</source>
            <volume>28</volume>
            <pub-id pub-id-type="doi">10.1016/j.cose.2009.05.008</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B8">
        <label>8.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C. (2014) Determining Employee Awareness Using the Human Aspects of Information Security Questionnaire (HAIS-Q). <italic>Computers</italic><italic>&amp;</italic><italic>Security</italic>, 42, 165-176. https://doi.org/10.1016/j.cose.2013.12.003 <pub-id pub-id-type="doi">10.1016/j.cose.2013.12.003</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.cose.2013.12.003">https://doi.org/10.1016/j.cose.2013.12.003</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Parsons, K.</string-name>
              <string-name>McCormac, A.</string-name>
              <string-name>Butavicius, M.</string-name>
              <string-name>Pattinson, M.</string-name>
              <string-name>Jerram, C.</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Determining Employee Awareness Using the Human Aspects of Information Security Questionnaire (HAIS-Q)</article-title>
            <source>Computers &amp; Security</source>
            <volume>42</volume>
            <pub-id pub-id-type="doi">10.1016/j.cose.2013.12.003</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B9">
        <label>9.</label>
        <citation-alternatives>
          <mixed-citation publication-type="thesis">Brickley, J.C. (2022) What Drives User Retrospective Confidence Levels Towards Phishing Detection Behavior. Ph.D. Thesis, New Jersey City University.</mixed-citation>
          <element-citation publication-type="thesis">
            <person-group person-group-type="author">
              <string-name>Brickley, J.C.</string-name>
              <string-name>Thesis, N</string-name>
            </person-group>
            <year>2022</year>
            <article-title>What Drives User Retrospective Confidence Levels Towards Phishing Detection Behavior</article-title>
            <source>Ph.D. Thesis</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B10">
        <label>10.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Souppaya, K. and Scarfone, K. (2013) Guide to Malware Incident Prevention and Handling for Desktops and Laptops. NIST Special Publication 800-83 Rev. 1, National Institute of Standards and Technology.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Souppaya, K.</string-name>
              <string-name>Scarfone, K.</string-name>
            </person-group>
            <year>2013</year>
            <article-title>Guide to Malware Incident Prevention and Handling for Desktops and Laptops</article-title>
            <source>NIST Special Publication 800-83 Rev. 1</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B11">
        <label>11.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Cichonski, P., Millar, T., Grance, T. and Scarfone, K. (2012) Computer Security Incident Handling Guide. NIST Special Publication 800-61 Rev. 2, National Institute of Standards and Technology.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Cichonski, P.</string-name>
              <string-name>Millar, T.</string-name>
              <string-name>Grance, T.</string-name>
              <string-name>Scarfone, K.</string-name>
            </person-group>
            <year>2012</year>
            <article-title>Computer Security Incident Handling Guide</article-title>
            <source>NIST Special Publication 800-61 Rev. 2</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B12">
        <label>12.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Li, N. and Wu, D. (2005) A Framework for Secure Electronic Commerce Transactions. <italic>Decision Support Systems</italic>, 39, 271-283.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Li, N.</string-name>
              <string-name>Wu, D.</string-name>
            </person-group>
            <year>2005</year>
            <article-title>A Framework for Secure Electronic Commerce Transactions</article-title>
            <source>Decision Support Systems</source>
            <volume>39</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B13">
        <label>13.</label>
        <citation-alternatives>
          <mixed-citation publication-type="thesis">Alseadoon, I. (2014) Phishing Detection Behavior: A User-Centered Model. Ph.D. Thesis, University of New South Wales.</mixed-citation>
          <element-citation publication-type="thesis">
            <person-group person-group-type="author">
              <string-name>Alseadoon, I.</string-name>
              <string-name>Thesis, U</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Phishing Detection Behavior: A User-Centered Model</article-title>
            <source>Ph.D. Thesis</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B14">
        <label>14.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Wu, M., Miller, R.C. and Garfinkel, S.L. (2006) Do Security Toolbars Actually Prevent Phishing Attacks? <italic>Proceedings of the SIGCHI Conference on Human Factors in Computing Systems</italic>, Montréal, 22-27 April 2006, 601-610. https://doi.org/10.1145/1124772.1124863 <pub-id pub-id-type="doi">10.1145/1124772.1124863</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1145/1124772.1124863">https://doi.org/10.1145/1124772.1124863</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Wu, M.</string-name>
              <string-name>Miller, R.C.</string-name>
              <string-name>Garfinkel, S.L.</string-name>
              <string-name>Systems, M</string-name>
            </person-group>
            <year>2006</year>
            <article-title>Do Security Toolbars Actually Prevent Phishing Attacks? Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Montréal, 22-27 April 2006, 601-610</article-title>
            <pub-id pub-id-type="doi">10.1145/1124772.1124863</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B15">
        <label>15.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Pandove, G., Maity, R. and Sharma, S. (2010) E-Mail Spoofing: Techniques and Countermeasures. <italic>Proceedings</italic><italic>of</italic><italic>ICCCT</italic>, Guangxi, 13-14 October 2010, 394-398.</mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Pandove, G.</string-name>
              <string-name>Maity, R.</string-name>
              <string-name>Sharma, S.</string-name>
              <string-name>ICCCT, G</string-name>
            </person-group>
            <year>2010</year>
            <article-title>E-Mail Spoofing: Techniques and Countermeasures</article-title>
            <source>Proceedings of ICCCT</source>
            <volume>13</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B16">
        <label>16.</label>
        <citation-alternatives>
          <mixed-citation publication-type="thesis">Akbar, M. (2014) Phishing E-Mails and Cialdini’s Principles of Persuasion. Master’s Thesis, University of Twente.</mixed-citation>
          <element-citation publication-type="thesis">
            <person-group person-group-type="author">
              <string-name>Akbar, M.</string-name>
              <string-name>Thesis, U</string-name>
            </person-group>
            <year>2014</year>
            <article-title>Phishing E-Mails and Cialdini’s Principles of Persuasion</article-title>
            <source>Master’s Thesis</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B17">
        <label>17.</label>
        <citation-alternatives>
          <mixed-citation publication-type="book">Cialdini, R.B. (2009) Influence: Science and Practice. 5th Edition, Pearson.</mixed-citation>
          <element-citation publication-type="book">
            <person-group person-group-type="author">
              <string-name>Cialdini, R.B.</string-name>
              <string-name>Edition, P</string-name>
            </person-group>
            <year>2009</year>
            <article-title>Influence: Science and Practice</article-title>
            <source>5th Edition</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B18">
        <label>18.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Jansen, J. and Leukfeldt, R.E. (2016) Phishing and Malware Attacks on Online Banking Customers in the Netherlands: A Qualitative Analysis of Factors Leading to Victimization. <italic>International</italic><italic>Journal</italic><italic>of</italic><italic>Cyber</italic><italic>Criminology</italic>, 10, 79-91.</mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Jansen, J.</string-name>
              <string-name>Leukfeldt, R.E.</string-name>
            </person-group>
            <year>2016</year>
            <article-title>Phishing and Malware Attacks on Online Banking Customers in the Netherlands: A Qualitative Analysis of Factors Leading to Victimization</article-title>
            <source>International Journal of Cyber Criminology</source>
            <volume>10</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B19">
        <label>19.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Workman, M. (2008) A Test of Intervention for Security Threats: Decision Biases in Computer Security. <italic>Decision</italic><italic>Sciences</italic>, 39, 615-643.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Workman, M.</string-name>
            </person-group>
            <year>2008</year>
            <article-title>A Test of Intervention for Security Threats: Decision Biases in Computer Security</article-title>
            <source>Decision Sciences</source>
            <volume>39</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B20">
        <label>20.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Guéguen, N., Pascual, A. and Dagot, J.L. (2010) Similarity and Compliance to a Request: A Field Study on Pedestrians. <italic>Social</italic><italic>Behavior</italic><italic>and</italic><italic>Personality</italic>, 38, 453-458.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Pascual, A.</string-name>
              <string-name>Dagot, J.L.</string-name>
            </person-group>
            <year>2010</year>
            <article-title>Similarity and Compliance to a Request: A Field Study on Pedestrians</article-title>
            <source>Social Behavior and Personality</source>
            <volume>38</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B21">
        <label>21.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Guadagno, R.E., Muscanell, N.L., Rice, L.M. and Roberts, N. (2013) Social Influence Online: The Impact of Social Validation and Likability on Compliance. <italic>Psychology of Popular Media Culture</italic>, 2, 51-60. https://doi.org/10.1037/a0030592 <pub-id pub-id-type="doi">10.1037/a0030592</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1037/a0030592">https://doi.org/10.1037/a0030592</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Guadagno, R.E.</string-name>
              <string-name>Muscanell, N.L.</string-name>
              <string-name>Rice, L.M.</string-name>
              <string-name>Roberts, N.</string-name>
            </person-group>
            <year>2013</year>
            <article-title>Social Influence Online: The Impact of Social Validation and Likability on Compliance</article-title>
            <source>Psychology of Popular Media Culture</source>
            <volume>2</volume>
            <pub-id pub-id-type="doi">10.1037/a0030592</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B22">
        <label>22.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Lawson, P., Pearson, C.J., Crowson, A. and Mayhorn, C.B. (2020) Email Phishing and Signal Detection: How Persuasion Principles and Personality Influence Response Patterns and Accuracy. <italic>Applied</italic><italic>Ergonomics</italic>, 86, Article ID: 103084. https://doi.org/10.1016/j.apergo.2020.103084 <pub-id pub-id-type="doi">10.1016/j.apergo.2020.103084</pub-id><pub-id pub-id-type="pmid">32174448</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.apergo.2020.103084">https://doi.org/10.1016/j.apergo.2020.103084</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Lawson, P.</string-name>
              <string-name>Pearson, C.J.</string-name>
              <string-name>Crowson, A.</string-name>
              <string-name>Mayhorn, C.B.</string-name>
            </person-group>
            <year>2020</year>
            <article-title>Email Phishing and Signal Detection: How Persuasion Principles and Personality Influence Response Patterns and Accuracy</article-title>
            <source>Applied Ergonomics</source>
            <volume>86</volume>
            <fpage>103084</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1016/j.apergo.2020.103084</pub-id>
            <pub-id pub-id-type="pmid">32174448</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B23">
        <label>23.</label>
        <citation-alternatives>
          <mixed-citation publication-type="confproc">Xun, D., Clark, J.A. and Jacob, J. (2008) Modelling User-Phishing Interaction. 2008 <italic>Conference on Human System Interaction</italic>, Krakow, 25-27 May 2008, 627-632. https://doi.org/10.1109/HSI.2008.4581513 <pub-id pub-id-type="doi">10.1109/HSI.2008.4581513</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1109/HSI.2008.4581513">https://doi.org/10.1109/HSI.2008.4581513</ext-link></mixed-citation>
          <element-citation publication-type="confproc">
            <person-group person-group-type="author">
              <string-name>Xun, D.</string-name>
              <string-name>Clark, J.A.</string-name>
              <string-name>Jacob, J.</string-name>
              <string-name>Interaction, K</string-name>
            </person-group>
            <year>2008</year>
            <article-title>Modelling User-Phishing Interaction</article-title>
            <source>2008 Conference on Human System Interaction</source>
            <volume>25</volume>
            <pub-id pub-id-type="doi">10.1109/HSI.2008.4581513</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B24">
        <label>24.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Aburrous, M., Hossain, M.A., Dahal, K. and Thabtah, F. (2010) Intelligent Phishing Detection System for E-Banking Using Fuzzy Data Mining. <italic>Expert</italic><italic>Systems</italic><italic>with</italic><italic>Applications</italic>, 37, 7913-7921. https://doi.org/10.1016/j.eswa.2010.04.044 <pub-id pub-id-type="doi">10.1016/j.eswa.2010.04.044</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.eswa.2010.04.044">https://doi.org/10.1016/j.eswa.2010.04.044</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Aburrous, M.</string-name>
              <string-name>Hossain, M.A.</string-name>
              <string-name>Dahal, K.</string-name>
              <string-name>Thabtah, F.</string-name>
            </person-group>
            <year>2010</year>
            <article-title>Intelligent Phishing Detection System for E-Banking Using Fuzzy Data Mining</article-title>
            <source>Expert Systems with Applications</source>
            <volume>37</volume>
            <pub-id pub-id-type="doi">10.1016/j.eswa.2010.04.044</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B25">
        <label>25.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Vishwanath, A., Herath, T., Chen, R., Wang, J. and Rao, H.R. (2011) Why Do People Get Phished? Testing Individual Differences in Phishing Vulnerability within an Integrated, Information Processing Model. <italic>Decision</italic><italic>Support</italic><italic>Systems</italic>, 51, 576-586. https://doi.org/10.1016/j.dss.2011.03.002 <pub-id pub-id-type="doi">10.1016/j.dss.2011.03.002</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.dss.2011.03.002">https://doi.org/10.1016/j.dss.2011.03.002</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Vishwanath, A.</string-name>
              <string-name>Herath, T.</string-name>
              <string-name>Chen, R.</string-name>
              <string-name>Wang, J.</string-name>
              <string-name>Rao, H.R.</string-name>
              <string-name>Integrated, I</string-name>
            </person-group>
            <year>2011</year>
            <article-title>Why Do People Get Phished? Testing Individual Differences in Phishing Vulnerability within an Integrated, Information Processing Model</article-title>
            <source>Decision Support Systems</source>
            <volume>51</volume>
            <pub-id pub-id-type="doi">10.1016/j.dss.2011.03.002</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B26">
        <label>26.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Petty, R.E. and Cacioppo, J.T. (1986) Communication and Persuasion: Central and Peripheral Routes to Attitude Change. Springer.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Petty, R.E.</string-name>
              <string-name>Cacioppo, J.T.</string-name>
            </person-group>
            <year>1986</year>
            <article-title>Communication and Persuasion: Central and Peripheral Routes to Attitude Change</article-title>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B27">
        <label>27.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Grazioli, S. (2004) Where Did They Go Wrong? An Analysis of the Failure of Knowledgeable Internet Consumers to Detect Deception over the Internet. <italic>MIS</italic><italic>Quarterly</italic>, 28, 387-422.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Grazioli, S.</string-name>
            </person-group>
            <year>2004</year>
            <article-title>Where Did They Go Wrong? An Analysis of the Failure of Knowledgeable Internet Consumers to Detect Deception over the Internet</article-title>
            <source>MIS Quarterly</source>
            <volume>28</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B28">
        <label>28.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Higgins, E.T. (1996) Knowledge Activation: Accessibility, Applicability, and Salience. In: Higgins, E.T. and Kruglanski, A.W., Eds., <italic>Social</italic><italic>Psychology</italic>: <italic>Handbook</italic><italic>of</italic><italic>Basic</italic><italic>Principles</italic>, Guilford, 133-168.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Higgins, E.T.</string-name>
              <string-name>Accessibility, A</string-name>
              <string-name>Higgins, E.T.</string-name>
              <string-name>Kruglanski, A.W.</string-name>
              <string-name>Principles, G</string-name>
            </person-group>
            <year>1996</year>
            <article-title>Knowledge Activation: Accessibility, Applicability, and Salience</article-title>
            <source>In: Higgins</source>
            <volume>133</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B29">
        <label>29.</label>
        <citation-alternatives>
          <mixed-citation publication-type="thesis">Rietbergen, A. (2015) An Eye-Tracking Study on What Receives Attention in E-Mails in an Intercultural Context. Master’s Thesis, Radboud University.</mixed-citation>
          <element-citation publication-type="thesis">
            <person-group person-group-type="author">
              <string-name>Rietbergen, A.</string-name>
              <string-name>Thesis, R</string-name>
            </person-group>
            <year>2015</year>
            <article-title>An Eye-Tracking Study on What Receives Attention in E-Mails in an Intercultural Context</article-title>
            <source>Master’s Thesis</source>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B30">
        <label>30.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Jain, A.K. and Gupta, B.B. (2017) Phishing Detection: Analysis of Visual Similarity Based Approaches. <italic>Security</italic><italic>and</italic><italic>Communication</italic><italic>Networks</italic>, 2017, Article ID: 5421046. https://doi.org/10.1155/2017/5421046 <pub-id pub-id-type="doi">10.1155/2017/5421046</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1155/2017/5421046">https://doi.org/10.1155/2017/5421046</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Jain, A.K.</string-name>
              <string-name>Gupta, B.B.</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Phishing Detection: Analysis of Visual Similarity Based Approaches</article-title>
            <source>Security and Communication Networks</source>
            <volume>2017</volume>
            <fpage>542104</fpage>
            <elocation-id>ID</elocation-id>
            <pub-id pub-id-type="doi">10.1155/2017/5421046</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B31">
        <label>31.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Ho, S.Y. and Bodoff, D. (2014) The Effects of Web Personalization on User Attitude and Behavior: An Integration of the Elaboration Likelihood Model and Consumer Search Theory. <italic>MIS</italic><italic>Quarterly</italic>, 38, 497-520. https://doi.org/10.25300/misq/2014/38.2.08 <pub-id pub-id-type="doi">10.25300/misq/2014/38.2.08</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.25300/misq/2014/38.2.08">https://doi.org/10.25300/misq/2014/38.2.08</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Ho, S.Y.</string-name>
              <string-name>Bodoff, D.</string-name>
            </person-group>
            <year>2014</year>
            <article-title>The Effects of Web Personalization on User Attitude and Behavior: An Integration of the Elaboration Likelihood Model and Consumer Search Theory</article-title>
            <source>MIS Quarterly</source>
            <volume>38</volume>
            <pub-id pub-id-type="doi">10.25300/misq/2014/38.2.08</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B32">
        <label>32.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Wang, J., Li, Y. and Rao, H.R. (2016) Overconfidence in Phishing Email Detection. <italic>Journal</italic><italic>of</italic><italic>the</italic><italic>Association</italic><italic>for</italic><italic>Information</italic><italic>Systems</italic>, 17, 759-783. https://doi.org/10.17705/1jais.00442 <pub-id pub-id-type="doi">10.17705/1jais.00442</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.17705/1jais.00442">https://doi.org/10.17705/1jais.00442</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Wang, J.</string-name>
              <string-name>Li, Y.</string-name>
              <string-name>Rao, H.R.</string-name>
            </person-group>
            <year>2016</year>
            <article-title>Overconfidence in Phishing Email Detection</article-title>
            <source>Journal of the Association for Information Systems</source>
            <volume>17</volume>
            <pub-id pub-id-type="doi">10.17705/1jais.00442</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B33">
        <label>33.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Fazio, R.H. and Zanna, M.P. (1978) On the Predictive Validity of Attitudes: The Roles of Direct Experience and Confidence. <italic>Journal</italic><italic>of</italic><italic>Personality</italic>, 46, 228-243. https://doi.org/10.1111/j.1467-6494.1978.tb00177.x <pub-id pub-id-type="doi">10.1111/j.1467-6494.1978.tb00177.x</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1111/j.1467-6494.1978.tb00177.x">https://doi.org/10.1111/j.1467-6494.1978.tb00177.x</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Fazio, R.H.</string-name>
              <string-name>Zanna, M.P.</string-name>
            </person-group>
            <year>1978</year>
            <article-title>On the Predictive Validity of Attitudes: The Roles of Direct Experience and Confidence</article-title>
            <source>Journal of Personality</source>
            <volume>46</volume>
            <pub-id pub-id-type="doi">10.1111/j.1467-6494.1978.tb00177.x</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B34">
        <label>34.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Moore, D.A. and Healy, P.J. (2008) The Trouble with Overconfidence. <italic>Psychological</italic><italic>Review</italic>, 115, 502-517. https://doi.org/10.1037/0033-295x.115.2.502 <pub-id pub-id-type="doi">10.1037/0033-295x.115.2.502</pub-id><pub-id pub-id-type="pmid">18426301</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1037/0033-295x.115.2.502">https://doi.org/10.1037/0033-295x.115.2.502</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Moore, D.A.</string-name>
              <string-name>Healy, P.J.</string-name>
            </person-group>
            <year>2008</year>
            <article-title>The Trouble with Overconfidence</article-title>
            <source>Psychological Review</source>
            <volume>115</volume>
            <pub-id pub-id-type="doi">10.1037/0033-295x.115.2.502</pub-id>
            <pub-id pub-id-type="pmid">18426301</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B35">
        <label>35.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Berger, I.E. (1992) The Nature of Attitude Accessibility and Attitude Confidence: A Triangulated Experiment. <italic>Journal</italic><italic>of</italic><italic>Consumer</italic><italic>Psychology</italic>, 1, 103-123. https://doi.org/10.1016/s1057-7408(08)80052-6 <pub-id pub-id-type="doi">10.1016/s1057-7408(08)80052-6</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/s1057-7408(08)80052-6">https://doi.org/10.1016/s1057-7408(08)80052-6</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Berger, I.E.</string-name>
            </person-group>
            <year>1992</year>
            <article-title>The Nature of Attitude Accessibility and Attitude Confidence: A Triangulated Experiment</article-title>
            <source>Journal of Consumer Psychology</source>
            <volume>7408</volume>
            <issue>08</issue>
            <pub-id pub-id-type="doi">10.1016/s1057-7408(08)80052-6</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B36">
        <label>36.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Berger, I.E. and Mitchell, A.A. (1989) The Effect of Advertising on Attitude Accessibility, Attitude Confidence, and the Attitude-Behavior Relationship. <italic>Journal</italic><italic>of</italic><italic>Consumer</italic><italic>Research</italic>, 16, 269-279. https://doi.org/10.1086/209213 <pub-id pub-id-type="doi">10.1086/209213</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1086/209213">https://doi.org/10.1086/209213</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Berger, I.E.</string-name>
              <string-name>Mitchell, A.A.</string-name>
              <string-name>Accessibility, A</string-name>
            </person-group>
            <year>1989</year>
            <article-title>The Effect of Advertising on Attitude Accessibility, Attitude Confidence, and the Attitude-Behavior Relationship</article-title>
            <source>Journal of Consumer Research</source>
            <volume>16</volume>
            <pub-id pub-id-type="doi">10.1086/209213</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B37">
        <label>37.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Busey, T.A., Tunnicliff, J., Loftus, G.R. and Loftus, E.F. (2000) Accounts of the Confidence-Accuracy Relation in Recognition Memory. <italic>Psychonomic</italic><italic>Bulletin</italic><italic>&amp;</italic><italic>Review</italic>, 7, 26-48. https://doi.org/10.3758/bf03210724 <pub-id pub-id-type="doi">10.3758/bf03210724</pub-id><pub-id pub-id-type="pmid">10780019</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.3758/bf03210724">https://doi.org/10.3758/bf03210724</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Busey, T.A.</string-name>
              <string-name>Tunnicliff, J.</string-name>
              <string-name>Loftus, G.R.</string-name>
              <string-name>Loftus, E.F.</string-name>
            </person-group>
            <year>2000</year>
            <article-title>Accounts of the Confidence-Accuracy Relation in Recognition Memory</article-title>
            <source>Psychonomic Bulletin &amp; Review</source>
            <volume>7</volume>
            <pub-id pub-id-type="doi">10.3758/bf03210724</pub-id>
            <pub-id pub-id-type="pmid">10780019</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B38">
        <label>38.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Stone, D.N. (1994) Overconfidence in Initial Self-Efficacy Judgments: Effects on Decision Processes and Performance. <italic>Organizational</italic><italic>Behavior</italic><italic>and</italic><italic>Human</italic><italic>Decision</italic><italic>Processes</italic>, 59, 452-474. https://doi.org/10.1006/obhd.1994.1069 <pub-id pub-id-type="doi">10.1006/obhd.1994.1069</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1006/obhd.1994.1069">https://doi.org/10.1006/obhd.1994.1069</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Stone, D.N.</string-name>
            </person-group>
            <year>1994</year>
            <article-title>Overconfidence in Initial Self-Efficacy Judgments: Effects on Decision Processes and Performance</article-title>
            <source>Organizational Behavior and Human Decision Processes</source>
            <volume>59</volume>
            <pub-id pub-id-type="doi">10.1006/obhd.1994.1069</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B39">
        <label>39.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Moores, T.T. and Chang, J.C. (2009) Self-Efficacy, Overconfidence, and the Negative Effect on Subsequent Performance: A Field Study. <italic>Information</italic><italic>&amp;</italic><italic>Management</italic>, 46, 69-76. https://doi.org/10.1016/j.im.2008.11.006 <pub-id pub-id-type="doi">10.1016/j.im.2008.11.006</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1016/j.im.2008.11.006">https://doi.org/10.1016/j.im.2008.11.006</ext-link></mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Moores, T.T.</string-name>
              <string-name>Chang, J.C.</string-name>
              <string-name>Self-Efficacy, O</string-name>
            </person-group>
            <year>2009</year>
            <article-title>Self-Efficacy, Overconfidence, and the Negative Effect on Subsequent Performance: A Field Study</article-title>
            <source>Information &amp; Management</source>
            <volume>46</volume>
            <pub-id pub-id-type="doi">10.1016/j.im.2008.11.006</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B40">
        <label>40.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Cramer, R.J., Neal, T.M.S. and Brodsky, S.L. (2009) Self-Efficacy and Confidence: Theoretical Distinctions and Implications for Trial Consultation. <italic>Consulting</italic><italic>Psychology</italic><italic>Journal</italic>: <italic>Practice</italic><italic>and</italic><italic>Research</italic>, 61, 319-334. https://doi.org/10.1037/a0017310 <pub-id pub-id-type="doi">10.1037/a0017310</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1037/a0017310">https://doi.org/10.1037/a0017310</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Cramer, R.J.</string-name>
              <string-name>Neal, T.M.S.</string-name>
              <string-name>Brodsky, S.L.</string-name>
            </person-group>
            <year>2009</year>
            <article-title>Self-Efficacy and Confidence: Theoretical Distinctions and Implications for Trial Consultation</article-title>
            <source>Consulting Psychology Journal: Practice and Research</source>
            <volume>61</volume>
            <pub-id pub-id-type="doi">10.1037/a0017310</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B41">
        <label>41.</label>
        <citation-alternatives>
          <mixed-citation publication-type="other">Alseadoon, I., Othman, M.H., Chan, A. and Foo, S. (2017) Typology of Phishing Victims Based on Personality Traits and Other Factors. <italic>Computers</italic><italic>in</italic><italic>Human</italic><italic>Behavior</italic>, 66, 1-13.</mixed-citation>
          <element-citation publication-type="other">
            <person-group person-group-type="author">
              <string-name>Alseadoon, I.</string-name>
              <string-name>Othman, M.H.</string-name>
              <string-name>Chan, A.</string-name>
              <string-name>Foo, S.</string-name>
            </person-group>
            <year>2017</year>
            <article-title>Typology of Phishing Victims Based on Personality Traits and Other Factors</article-title>
            <source>Computers in Human Behavior</source>
            <volume>66</volume>
          </element-citation>
        </citation-alternatives>
      </ref>
      <ref id="B42">
        <label>42.</label>
        <citation-alternatives>
          <mixed-citation publication-type="journal">Srivastava, S., John, O.P., Gosling, S.D. and Potter, J. (2003) Development of Personality in Early and Middle Adulthood: Set Like Plaster or Persistent Change? <italic>Journal</italic><italic>of</italic><italic>Personality</italic><italic>and</italic><italic>Social</italic><italic>Psychology</italic>, 84, 1041-1053. https://doi.org/10.1037/0022-3514.84.5.1041 <pub-id pub-id-type="doi">10.1037/0022-3514.84.5.1041</pub-id><pub-id pub-id-type="pmid">12757147</pub-id><ext-link ext-link-type="uri" xlink:href="https://doi.org/10.1037/0022-3514.84.5.1041">https://doi.org/10.1037/0022-3514.84.5.1041</ext-link></mixed-citation>
          <element-citation publication-type="journal">
            <person-group person-group-type="author">
              <string-name>Srivastava, S.</string-name>
              <string-name>John, O.P.</string-name>
              <string-name>Gosling, S.D.</string-name>
              <string-name>Potter, J.</string-name>
            </person-group>
            <year>2003</year>
            <article-title>Development of Personality in Early and Middle Adulthood: Set Like Plaster or Persistent Change? Journal of Personality and Social Psychology, 84, 1041-1053</article-title>
            <pub-id pub-id-type="doi">10.1037/0022-3514.84.5.1041</pub-id>
            <pub-id pub-id-type="pmid">12757147</pub-id>
          </element-citation>
        </citation-alternatives>
      </ref>
    </ref-list>
  </back>
</article>