CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


James L. Parrish

Committee Member

Steven R. Terrell

Committee Member

Timothy J. Ellis


Corporations and individuals continue to be under Phishing attack. Researchers categorizes methods corporations and individuals can employ to reduce the impact of being caught in a Phishing scheme. Corporation enable technical mechanisms such as automated filtering, URL blacklisting, and manipulation of browser warning messages to reduce phishing susceptibility costing billions of dollars annually. However, even with robust efforts to educate employees about phishing techniques through security awareness training the abundance of attacks continues to plague organizations. This study aims to identify whether a correlation exists between mindfulness and phishing susceptibility. The goal of this research is to determine if mindful individuals are less susceptible to phishing. By showing individuals with increased awareness are significantly able to identify areas that phishing attempts exploit.

Based on a review of the literature a misconception exists between end-users, corporation and Internet Service Providers (ISP) regarding ownership of Phishing identification. Specifically, individuals blame ISPs and corporate information technology departments for failing to protect them from Phishing attacks. Still, the truth of the matter is that the end-user is ultimately the weakest link in the phishing identification chain. The methodology of this study polled participants through initial screening focusing on whether the individuals were mindful using the Mindful Attention Awareness Scale (MAAS) survey. Conclusions seen in this study in contrast with other studies saw no significant correlation between Mindfulness and phishing susceptibility, increase in cogitative ability or increase in Phishing identification. Thus, continued use of MAAS survey questionnaire is necessary to screen other groups for phishing awareness prior to focusing on other phishing cues.