BITlab: Behavior Information Technology

404 Wilson Rd. Room 249
Communication Arts & Sciences
Michigan State University
East Lansing, MI 48824

The BITLab is no longer operating. This webpage is for archival purposes only.

How Non-Experts Try to Detect Phishing Scam Emails"

by: Norbert Nthala and Rick Wash


Email remains one of the most widely used methods of communication globally. However, successful phishing email attacks and subsequent costs remain unreasonably high despite technical advances in defenses that limit phishing scams. In this paper, we examine human detection of phishing. We found that non-experts go through four different sensemaking processes to determine if an email is a phishing message; they use different knowledge and skills to become suspicious differently in each process. Additionally, non-experts rely on their social connections as an investigative tool to determine if an email is a phishing scam. We discuss the impact of our findings on phishing training and technology.


Norbert Nthala and Rick Wash. “How Non-Experts Try to Detect Phishing Scam Emails”.” Paper in Workshop on Technology and Consumer Protection.May 2021.

Download: PDF