Evaluating the applicability of the double system lens model to the analysis of phishing email judgments

Phishing emails pose a serious threat to cybersecurity. Because human users are the last line of defense, understanding how users identify phishing emails is imperative to addressing this problem. Judgment analysis (JA) provides a means of analyzing both how information in the environment (cues) contributes to an outcome and how users synthesize cues into judgments about that outcome, typically using multiple linear regression. Because JA has not been applied to this domain, this effort assessed if the statistical assumptions of JA with multiple linear regression are upheld. We hypothesized that phishing cues are linearly combinable, meaning a lens model analysis, a type of JA, is appropriate for evaluating phishing judgments. To test this, we analyzed ten participants who judged whether or not emails were phishing using the double system lens model. Results indicated that the lens model is an appropriate means of analyzing phishing judgments, primarily evidenced by the goodness of fits for both the environment model and human judgment models. We also observed varying achievement scores across participants consistent with their varying levels of performance in the judgment task. We discuss our results and how future phishing judgment research can utilize JA afforded analysis capabilities.