Phishing attacks pose substantial threats to the security of individuals and organizations. Although current anti-phishing tools achieve high accuracy rates and present a potential solution to this problem, users are often reluctant to rely on the predictions of these competent tools. However, we continue to lack a means of resolving this reluctance—or even an explanation for it. To address this need and advance toward a solution, we investigate the factors that influence users' reliance on anti-phishing tools. Over the course of two studies, we test the effects of tool attributes (i.e., accuracy and frequency of phishing email predictions) and develop a model based on the notions of trust and distrust. Countering the common conjecture that tools are not accurate enough, we find that users' under-reliance is not an artifact of the insufficient accuracy of tools, as even in a 100% accuracy condition, users were under-reliant on tools. Rather, we find that while accuracy increases users' trust in tools, full reliance is inhibited by users' distrust, which is driven by a lack of transparency regarding tools' functionalities and the quantity of predictions provided. Thus, overall, our study shows the limits of accuracy in engendering reliance and explains the under-reliance phenomenon by showing that due to lack of knowledge or understanding, some users prefer to rely on their own inferior judgment instead of trusting and relying on the predictions provided by highly accurate tools.

网络钓鱼攻击对个人和组织的安全构成重大威胁。尽管当前的反网络钓鱼工具实现了很高的准确率并为该问题提供了潜在的解决方案，但用户通常不愿意依赖这些有能力的工具的预测。然而，我们仍然缺乏解决这种不情愿的方法——甚至是对此的解释。为了满足这一需求并推进解决方案，我们调查了影响用户对反网络钓鱼工具依赖的因素。在两项研究的过程中，我们测试了工具属性的影响（即网络钓鱼电子邮件预测的准确性和频率），并开发了一个基于信任和不信任概念的模型。反驳工具不够准确的普遍猜想，我们发现用户的 依赖不足并不是工具精度不足的产物，因为即使在 100% 的精度条件下，用户对工具的依赖也不足。相反，我们发现虽然准确性增加了用户对工具的信任，但用户的不信任抑制了完全依赖，这是由于工具功能和提供的预测数量缺乏透明度所致。因此，总体而言，我们的研究显示了产生依赖的准确性的局限性，并通过表明由于缺乏知识或理解，一些用户更愿意依靠自己的低劣判断而不是信任和依赖预测来解释依赖不足现象由高度精确的工具提供。我们发现，虽然准确性增加了用户对工具的信任，但用户的不信任阻碍了完全依赖，这是由于工具功能和提供的预测数量缺乏透明度所致。因此，总体而言，我们的研究显示了产生依赖的准确性的局限性，并通过表明由于缺乏知识或理解，一些用户更愿意依靠自己的低劣判断而不是信任和依赖预测来解释依赖不足现象由高度精确的工具提供。我们发现，虽然准确性增加了用户对工具的信任，但用户的不信任阻碍了完全依赖，这是由于工具功能和提供的预测数量缺乏透明度所致。因此，总体而言，我们的研究显示了产生依赖的准确性的局限性，并通过表明由于缺乏知识或理解，一些用户更愿意依靠自己的低劣判断而不是信任和依赖预测来解释依赖不足现象由高度精确的工具提供。