“A Bank Would Never Write That!” - A Qualitative Study on E-Mail Trust Decisions

Abstract

In order to communicate the risk of fraudulent e-mails to users properly, it is important to know which aspects they focus on when evaluating the trustworthiness of an e-mail. To that end, a study was conducted to test predictions derived from a decision model by asking participants how they would react to each of eight e-mails and why. The study confirms results from previous research showing that content as well as visual and linguistic aspects, but also technical aspects such as sender address and link URL are considered by recipients. It also adds new findings like the fact that through experience and education, users form rules such as “A bank will never ask you for account details via e-mail” or the fact that attachments in HTML format or implausible sending times raise suspicions in users. These findings can be used to inform the design of anti-fraud education and user interfaces of e-mail clients