Persuasion Susceptibility to University-Themed Phishing Emails Across Different Faculties: An Analysis Based on Cialdini’s Principles, and the Role of User Vigilance in Mitigation

Abstract

This study investigated whether phishing-detection performance differed by academic faculty and explored simple individual differences among university students. Thirty-three students completed a short Phishing Data Privacy IQ Test delivered in Microsoft Forms and analysed in JASP (R backend). Phishing vulner- ability was defined as the number of phishing items misclassified as legitimate. Mean vulnerabilities were Business/Law M = 4.182, SD = 3.573 (n=11); Health/Social Sciences M = 4.200, SD = 2.251 (n=10); STEM M = 3.200, SD = 2.573 (n=10); and Other M = 2.000, SD = 0.000 (n=2). A one-way ANOVA showed no significant faculty effect, F(3, 29)=0.549, p=.653, 2=.054 (95% CI [0, .202]); Levene’s test sup- ported homogeneity of variances, F(3, 29)=2.066, p=.127. An exploratory comparison of students who reported prior scam victimhood versus no/unsure also did not differ significantly (Welch’s t(29.43)=1.001, p=.325, Cohen’s d0.33). Within-person analyses by persuasion principle and associations with vigilance and privacy-knowledge were specified but not conducted in this results set. Overall, faculty membership did not explain meaningful variation in vulnerability in this sample, suggesting that training should target specific message cues and general student behaviours rather than assume large faculty-level differences. The full analysis bundle (raw export, cleaned data, JASP file, and exported R syntax) was archived to support reproducibility.