Experiences, Behavioral Tendencies, and Concerns of Non-Native English Speakers in Identifying Phishing Emails

Phishing, a form of online fraud, remains a huge cybersecurity threat. Recent research in cybersecurity and risk management revealed the possibility that non-native speakers of the language used in phishing emails are more susceptible to such attacks. Although many studies have focused on the behaviors that native English speakers use to avoid phishing attacks, little is known about the behaviors of non-native speakers. Therefore, we conducted an online survey with 862 non-native English speakers (284 Germans, 276 South Koreans, and 302 Japanese). We showed that non-native English speakers are regularly exposed to English phishing emails. Through our scenario-based roleplay task, we found that participants, especially those who lacked confidence in English, had a higher tendency to ignore English emails without careful inspection than emails in their native languages. Furthermore, both the German and South Korean participants generally followed the instructions in the email in their native languages without careful inspection. Finally, our qualitative analysis revealed five main concerns in identifying English phishing emails: difficulty understanding email content, difficulty identifying errors and unnatural language, unfamiliarity with phishing emails, decreased attention, and difficulty finding similar cases. These findings highlight the importance of providing non-native speakers with specific anti-phishing interventions that differ from those for native speakers. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI　http://dx.doi.org/10.2197/ipsjjip.30.841 ------------------------------

Phishing, a form of online fraud, remains a huge cybersecurity threat. Recent research in cybersecurity and risk management revealed the possibility that non-native speakers of the language used in phishing emails are more susceptible to such attacks. Although many studies have focused on the behaviors that native English speakers use to avoid phishing attacks, little is known about the behaviors of non-native speakers. Therefore, we conducted an online survey with 862 non-native English speakers (284 Germans, 276 South Koreans, and 302 Japanese). We showed that non-native English speakers are regularly exposed to English phishing emails. Through our scenario-based roleplay task, we found that participants, especially those who lacked confidence in English, had a higher tendency to ignore English emails without careful inspection than emails in their native languages. Furthermore, both the German and South Korean participants generally followed the instructions in the email in their native languages without careful inspection. Finally, our qualitative analysis revealed five main concerns in identifying English phishing emails: difficulty understanding email content, difficulty identifying errors and unnatural language, unfamiliarity with phishing emails, decreased attention, and difficulty finding similar cases. These findings highlight the importance of providing non-native speakers with specific anti-phishing interventions that differ from those for native speakers. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.30(2022) (online) DOI　http://dx.doi.org/10.2197/ipsjjip.30.841 ------------------------------