Abstract
Phishing is one of the most prominent and long-lasting cyber-attacks, whereby attackers use social engineering methods to deceive targets to reveal private information. This study analyzes individual differences in victims’ vulnerability from the perspective of victimology and applied psychology. Although most studies have focused on the technical nature of phishing attacks, very little is known about personality traits as drivers of vulnerability. It involved a large-scale survey in which all participants completed a personality assessment questionnaire, along with a phishing susceptibility questionnaire. The results of the survey could be used to create personalized phishing prevention programs in which personality traits, which could be particularly susceptible to phishing, would be targeted. The developed treatments were evaluated in a randomized controlled trial. The findings identified crucial personality traits that influenced the tendency toward phishing attacks, specifically impulsivity and neuroticism. The designed programs for phishing prevention proved capable of reducing susceptibility, thus informing selective intervention designs for improved cybersecurity. This study underscores the importance of integrating psychological theories and victimology approaches to better understand and mitigate phishing risks, offering valuable insights for both academic and practical applications in cybersecurity.