Linguistic Protection from Phishing: A Benefit of English as a Second Language
by: Tara Thomsen, Jennifer Salemy, Christian Willis, and Rick Wash
Abstract
Phishing affects everyone, but certain groups are at a higher risk of being phished than others. Prior research has pointed to language skills impacting phishing detection. We conducted a survey with the aim of understanding English as a Second Language (ESL) speakers’ experiences with phishing compared to native English speakers to find out if one group was at a greater risk of falling for phishing than the other. We surveyed 100 native Mandarin, Korean, Spanish, and English speakers, 400 participants in total, who are living in the United States and are fluent in English. We presented the participants with phishing, ambiguous, and legitimate email simulations. We found that ESL speakers are at a lower risk of phishing than native English speakers. Additionally, we identified three key parts of the ESL experience of phishing, covering the weariness of receiving emails in their native language, the importance of familiarity, and the consideration of language specific nuances. Our findings show that just because someone is ESL does not mean they are necessarily more at risk of being phished. In the case of ESL speakers in the United States who are fluent, the opposite is true, this group is less likely to be phished when compared to Native English speakers.
Reference
Tara Thomsen, Jennifer Salemy, Christian Willis, and Rick Wash. “Linguistic Protection from Phishing: A Benefit of English as a Second Language.” Poster in Symposium on Usable Privacy and Security (SOUPS).August 2025.