While the email traffic is growing around the world, suchquestions often arise to recipients: to click or not to click? Should Itrust or should I distrust? When interacting with computers or digitalartefacts, individuals try to replicate interpersonal trust and distrustmechanisms in order to calibrate their trust. Such mechanisms rely onthe ways individuals interpret and understand information.Technical information systems security solutions may reduce externaland technical threats; yet the academic literature as well as industrialprofessionals warn on the risks associated with insider threats, thosecoming from inside the organization and induced by legitimate users.This article focuses on phishing emails as an unintentional insider threat.After a literature review on interpretation and knowledge management,insider threats and security, trust and distrust, we present a methodologyand experimental protocol used to conduct a study with 250 participantsand understand the ways they interpret, decide to trust or to distrustphishing emails. In this article, we discuss the preliminary results of thisstudy and outline future works and directions.
