摘要
网络钓鱼是指通过计算机技术并利用人类心理弱点对终端用户进行攻击的行为,研究网络钓鱼的影响因素可以提高网络安全水平,降低网络钓鱼伤害。本文以心理学的视角,从个体、情境和系统三个方面对网络钓鱼的影响因素进行梳理总结,并探讨了各影响因素联结的动态过程。在个体因素方面,先天特质会影响网络钓鱼易感性,但后天学习和积累的知识经验能降低被钓鱼的风险;在情境方面,身份伪装和特殊情境设定能够利用用户的心理弱点,直接影响用户回复钓鱼邮件的行为;在系统方面,系统反馈影响人对系统安全的信任,进而影响网络钓鱼风险。未来的研究可从三个方面展开:一是探讨和细化个人特质对整体网络钓鱼易感性的综合影响,建立易感者模型;二是量化邮件特征在用户动态决策过程的作用;三是结合个体特质、情境因素和系统特征,建立基于三者结合关系模型的防护体系。
Phishing refers to the behavior of attacking end-users through computer technology and taking advantage of human psychological weaknesses. Investigating what shapes phishing susceptibility can improve the level of network security and reduce the damage of phishing. From the perspective of psychology, this paper summarized the influential factors of phishing from three levels: the individual level, the email level and the system level. Meanwhile the dynamic processes of the link of those factors are also explored. At the individual level, people with high score in some specific individual are easier to be attached by phishing, but acquired knowledge and accumulated experience can reduce the risk of getting phished. At the email level, identity camouflage and context setting can make use of users’ psychological weaknesses, and thus directly affect the possibility to respond to phishing email. At the system level, system features affect users’ trust in automation security and reliability, which in turn affects phishing risk. Future research could be focused on three aspects: first, to refine the comprehensive influence of different personalities on overall phishing susceptibility and to establish the susceptibility model;second, to qualify the influence of email characteristics on users’ the dynamic decision-making process;third, to establish a protective system based on the comprehensive impact of individual traits, email characteristics and system features.
出处
《心理学进展》
2021年第4期968-977,共10页
Advances in Psychology