Abstract
People are the weakest link in the security of any computer system or network. Adversaries tactically exploit decision-making processes of computer users by preying on their propensity to trust electronic communications based on learned contextual cues and environmental influences. Despite this understanding, explorations into the psychological, experiential, technological, and environmental factors influencing the cognitive phenomena of trust and suspicion are not typically based on the cues available to computer users. This work defines a taxonomy of human-perceptible trust cues that are used to make decisions online across the domains of Web, E-mail, and Social Networking. We believe this taxonomy could be foundational for future studies of phishing attacks. The Taxonomy also has significant implications for training both cyber security personnel and general computer users, because it codifies the domain or body of knowledge that may become the basis for future development of information systems security education and training.