Publication Date

Summer 2023

Degree Type


Degree Name

Master of Arts (MA)




Evan Palmer; Sean Laraway; Christina Tzeng


Phishing attacks are attempts to obtain individual credentials or other private information through deception, usually in email format. As the Internet becomes increasingly intertwined with everyday lives, such attacks are on the rise, threatening individuals and businesses alike. Existing anti-phishing training measures fail to address possible prevalence effects on detection performance: in tasks where targets appear rarely, participants have heightened miss rates. This low prevalence effect could be present in phishing detection because phishing emails are observed much less frequently than legitimate emails. Emerging research has reported observing heightened miss rates as a function of phishing email rarity. This study aimed to replicate those findings with improvements to both the internal and external validity of the task design by using real-life emails as stimuli and increasing the stimulus set size. Participants attempted to identify phishing emails among normal emails and were randomly assigned to one of four phishing prevalence conditions: 1%, 3%, 5%, and 20%. Sensitivity did not significantly differ between prevalence groups, nor did we observe significant differences in criterion or miss rates. Limitations of the study include not accounting for English fluency, which is a possible covariate. More research is needed to understand whether the low prevalence effect is observed during phishing detection.

Included in

Psychology Commons