Abstract

Phishing remains one of the most effective attack vectors for gaining unauthorized access to organizational systems, yet defenders often lack systematic methods to assess their exposure before an attack. This study develops a framework that uses machine learning to encode the collective expertise of cybersecurity practitioners into a portable phishing susceptibility assessment tool, with the goal of helping security teams proactively identify patterns, prioritize awareness training, and strengthen detection controls. The study surveyed 27 practitioners with extensive experience in social engineering, red teaming, penetration testing, and threat analysis to identify which factors most influence phishing susceptibility. Practitioners provided quantitative ratings and rankings of targeting factors, psychological levers, pretext design elements, and timing considerations, as well as qualitative insights into overlooked and intuitive aspects of campaign design. These expert-weighted features were analyzed using descriptive statistics, Borda count ranking aggregation, and thematic coding, then encoded into a machine learning model operationalized as a new tool called PhishScore. The tool produces susceptibility scores (relative likelihood of engagement) rather than risk scores, a deliberate methodological distinction that positions susceptibility as the necessary first input to organizational risk calculation, bridging the gap between adversarial research and defensive practice. The research also draws novel parallels between the persuasion mechanisms underlying phishing and those employed in digital marketing and advertising, arguing that both domains exploit shared cognitive pathways to elicit engagement.

Advisor

Christophe Veltsos

Committee Member

Naseef Mansoor

Committee Member

David Clisbee

Date of Degree

2026

Language

English

Document Type

Thesis

Degree

Master of Science (MS)

Program of Study

Information Technology

Department

Computer Information Science

College

Science, Engineering and Technology

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Rights Statement

In Copyright