Abstract (EN)

When interacting with computers or digital artifacts, individuals tend to replicate interpersonal trust and distrust mechanisms to calibrate their trust. Such mechanisms involve cognitive processes that individuals rely on before making a decision to trust or distrust. With the worldwide increase in email traffic, both the academic literature and professionals warn of insider threats, that is, coming from inside an organization, in particular those created by legitimate users who have decided to trust a phishing email. This article offers a cognitive approach to the decision whether to trust a phishing email. After reviewing the literature on decision making concerning a cognitive perspective, interpretation, trust, distrust, online deception, and insider threats, we present a study conducted on 249 participants designed to ascertain how they interpreted phishing emails and decided whether or not to trust them. We noted that certain elements eliciting trust or distrust remained invariable regardless of the participant. We show examples of phishing emails designed to maximize (or minimize) the decision to trust (or distrust), and lastly consider the limitations and ethical questions raised by this research.