
How Do We Fight Email Phishing? (ICA2015 - San Juan, PR)


A research presentation given at ICA2015:

Email phishing poses a grave security threat to national governments, business operations and average Internet users. The current study presents a model of counter-phishing protective behaviour based on email users' cognitive appraisal of phishing threat and systematic/heuristic processing of email content. The model integrates the theoretical frameworks of protection motivation theory and heuristic-systematic model of information processing. Findings suggest that protective behaviour against email phishing is predicted by a high degree of perceived severity and vulnerability towards cybersecurity risks, a high level of self-efficacy in performing cybersecurity checks and efficacy in responding using cybersecurity tools. The perceived severity, along with the elevated degree of protective behaviour, predicts systematic processing of phishing emails.

Published in: Technology

  1. Enabling Protection Motivation in Heuristic-Systematic Defense against Email Phishing
     • Weiai Wayne Xu, PhD Candidate, Department of Communication, SUNY-Buffalo
     • Arun Vishwanath, PhD, Associate Professor, Department of Communication, SUNY-Buffalo
     • Zhi Yang (Zed) Ngoh, Department of Communication, SUNY-Buffalo
  2. 2014: The year of cybersecurity
  3. We are the moles!
  4. What we know so far…
     Based on heuristic-systematic processing model (HSM) (Chen & Chaiken, 1999)
     • Heuristic processing: bypass in-depth thinking and instead rely on heuristics, rules of thumb, past experience, and instincts (for efficiency)
     • Systematic processing: scrutinize all elements and aspects of information presented (for accuracy)
  5. What we know so far…
     Based on protection motivation theory (PMT) (Rogers, 1975)
     • Severity
     • Vulnerability
     • Response efficacy
     • Self-efficacy
     • Protection enactment
  6. The integrated model
  7. The experiment
     • 288 students
     • A simulated phishing email disguised to originate from the university’s student ID card office.
     • The phishing email requested the participants to provide personal information to update their credit card information
  8. The results
  9. Takeaway
     Theoretical implication:
     • It is one of the few studies that applies the PMT framework to an email phishing context
     • The incorporation of both PMT and HSM
     Practical insights:
     • Fear drives protection and more mindful internet behavior
     • Skills/knowledge (self-efficacy) matters