Abstract

Phishing e-mails are fraudulent e-mails used to gain access to sensitive information or secure computer systems. They persuade users to click on malicious links, download attachments or provide sensitive information, such as usernames or passwords. One approach that aims to reduce people's susceptibility to phishing is the provision of information to users regarding the phishing threat and the techniques used within phishing e-mails. In line with this, awareness campaigns are often used within organizations and wider society to raise awareness of phishing and encourage people to engage with protective information. However, the potential effectiveness of such approaches in reducing susceptibility remains uncertain. In particular, there is a lack of research investigating (i) whether the propensity to access such information may in itself influence susceptibility to phishing and (ii) the different factors that motivate people to engage with information in the first place. In order to understand how current and future interventions regarding phishing may be consumed by users, as well as their potential impact on phishing susceptibility, it is important to conduct theoretically based research that provides a foundation to investigate these issues. This study provides a first step in addressing this by developing and validating a theoretically based survey measure across two studies centred upon the constructs of protection motivation theory (perceived vulnerability, severity, self-efficacy and response efficacy) to assess the factors that influence whether people choose to keep up to date with protective information about phishing. This survey measure is then used within Study 2 to provide an initial investigation of the role of these constructs in (i) self-reported user intentions to keep up to date with phishing techniques in the future and (ii) phishing discrimination ability, assessed using a phishing quiz. Overall, higher perceived threat severity, self-efficacy and response efficacy were associated with greater intentions, while greater perceived vulnerability was associated with lower intentions. No relationship was found with phishing discrimination ability. By understanding the factors that influence user intention to maintain knowledge and seek information about phishing threats, it will be possible to ensure that, as effective interventions are developed, their potential impact can be maximized.

Original languageEnglish
Article numbertyaa001
Number of pages16
JournalJournal of Cybersecurity
Volume6
Issue number1
Early online date22 Feb 2020
DOIs
Publication statusPublished - 2020

Keywords

  • information security
  • information seeking
  • phishing
  • protection motivation theory
  • security awareness

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Social Psychology
  • Safety, Risk, Reliability and Quality
  • Political Science and International Relations
  • Computer Networks and Communications
  • Law

Fingerprint Dive into the research topics of 'Developing a measure of information seeking about phishing'. Together they form a unique fingerprint.

Cite this