Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

How stage theorizing can improve recommendations against phishing attacks

How stage theorizing can improve recommendations against phishing attacks Phishing remains a major cybersecurity problem. Mainly adopting variance approaches, researchers have suggested several recommendations to help users avoid being victimized in phishing attacks. However, the evidence suggests that anti-phishing recommendations are not very effective. The purpose of this paper is threefold: first, to analyze why the existing anti-phishing recommendations may not be very effective; second, to propose stage theorizing as an additional approach for studying phishing that can contribute toward more effective recommendations; and third, to demonstrate using a stage theory, how IS researchers can utilize the concept of stages in phishing research.Design/methodology/approachThe study draws on findings from previous empirical phishing research to assess whether the reasons why people are victimized in phishing attacks can be categorized into stages. The criteria for stages of the Transtheoretical Model (TTM) are used as an example.FindingsAnalysis indicates support for the existence of stages of phishing victims. The criteria for stages of the TTM were applied to the reasons that subjects in previous studies gave for clicking on phishing links and to the anti-phishing recommendations proposed in previous studies. There was overall support for four of the five criteria of the TTM. The results from the current study indicate that a targeted approach is a better approach to proposing anti-phishing recommendations.Practical implicationsThe analysis identified the stages of phishing victims and the processes of change for each stage. It is suggested that recommendations against phishing should target individuals based on their resident stages. Moreover, the processes of change should be applied to the correct stage for the recommendations to be effective.Originality/valueFrom a phishing perspective, there is a lack of research based on stage theorizing. The current study presents stage theorizing as an additional approach to the existing approaches and demonstrates how a stage theory can be used to make more effective recommendations against phishing. The study has thrown light on the benefits of stage theorizing and how its approach to targeted recommendations can be useful in IS security research. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information Technology and People Emerald Publishing

How stage theorizing can improve recommendations against phishing attacks

Information Technology and People , Volume 32 (4): 30 – Sep 23, 2019

Loading next page...
 
/lp/emerald-publishing/how-stage-theorizing-can-improve-recommendations-against-phishing-i32IrpKQu0

References (69)

Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
0959-3845
DOI
10.1108/itp-12-2017-0434
Publisher site
See Article on Publisher Site

Abstract

Phishing remains a major cybersecurity problem. Mainly adopting variance approaches, researchers have suggested several recommendations to help users avoid being victimized in phishing attacks. However, the evidence suggests that anti-phishing recommendations are not very effective. The purpose of this paper is threefold: first, to analyze why the existing anti-phishing recommendations may not be very effective; second, to propose stage theorizing as an additional approach for studying phishing that can contribute toward more effective recommendations; and third, to demonstrate using a stage theory, how IS researchers can utilize the concept of stages in phishing research.Design/methodology/approachThe study draws on findings from previous empirical phishing research to assess whether the reasons why people are victimized in phishing attacks can be categorized into stages. The criteria for stages of the Transtheoretical Model (TTM) are used as an example.FindingsAnalysis indicates support for the existence of stages of phishing victims. The criteria for stages of the TTM were applied to the reasons that subjects in previous studies gave for clicking on phishing links and to the anti-phishing recommendations proposed in previous studies. There was overall support for four of the five criteria of the TTM. The results from the current study indicate that a targeted approach is a better approach to proposing anti-phishing recommendations.Practical implicationsThe analysis identified the stages of phishing victims and the processes of change for each stage. It is suggested that recommendations against phishing should target individuals based on their resident stages. Moreover, the processes of change should be applied to the correct stage for the recommendations to be effective.Originality/valueFrom a phishing perspective, there is a lack of research based on stage theorizing. The current study presents stage theorizing as an additional approach to the existing approaches and demonstrates how a stage theory can be used to make more effective recommendations against phishing. The study has thrown light on the benefits of stage theorizing and how its approach to targeted recommendations can be useful in IS security research.

Journal

Information Technology and PeopleEmerald Publishing

Published: Sep 23, 2019

Keywords: Security; Practice; End users; Phishing; Process theory; Theoretical perspective

There are no references for this article.