Access the full text.
Sign up today, get DeepDyve free for 14 days.
K. Parsons, Agata McCormac, M. Pattinson, M. Butavicius, C. Jerram (2015)
The design of phishing studies: Challenges for researchersComput. Secur., 52
W. Velicer, C. DiClemente, J. Prochaska, N. Brandenburg (1985)
Decisional balance measure for assessing and predicting smoking status.Journal of personality and social psychology, 48 5
Serge Egelman, L. Cranor, Jason Hong (2008)
You've been warned: an empirical study of the effectiveness of web browser phishing warningsProceedings of the SIGCHI Conference on Human Factors in Computing Systems
J. Downs, Mandy Holbrook, L. Cranor (2006)
Decision strategies and susceptibility to phishing
X. Luo, Wei Zhang, S. Burd, Alessandro Seazzu (2013)
Investigating phishing victimization with the Heuristic-Systematic Model: A theoretical framework and an explorationComput. Secur., 38
W. Orlikowski, J. Baroudi (1990)
Studying Information Technology in Organizations: Research Approaches and AssumptionsOrganizations & Markets eJournal
Jingguo Wang, Tejaswini Herath, Rui Chen, A. Vishwanath, H. Rao (2012)
Research Article Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing EmailIEEE Transactions on Professional Communication, 55
M. Lynne, Markus And, D. Robey (1988)
Information technology and organizational change: causal structure in theory and researchManagement Science, 34
J. Crowe (2016)
Phishing by the numbers: must-know phishing statistics 2016
S. Goel, K. Williams, Ersin Dincelli (2017)
Got Phished? Internet Security and Human VulnerabilityJ. Assoc. Inf. Syst., 18
Serena Chen, S. Chaiken (1999)
The heuristic-systematic model in its broader context.
J. Prochaska, C. DiClemente (1983)
Stages and processes of self-change of smoking: toward an integrative model of change.Journal of consulting and clinical psychology, 51 3
B. Kitchenham (2004)
Procedures for Performing Systematic Reviews
B. Marcus, J. Rossi, Vanessa Selby, R. Niaura, D. Abrams (1992)
The stages and processes of exercise adoption and maintenance in a worksite sample.Health psychology : official journal of the Division of Health Psychology, American Psychological Association, 11 6
C. DiClemente, J. Prochaska, Scott Fairhurst, W. Velicer, M. Velasquez, J. Rossi (1991)
The process of smoking cessation: an analysis of precontemplation, contemplation, and preparation stages of change.Journal of consulting and clinical psychology, 59 2
Chitu Okoli (2015)
A Guide to Conducting a Standalone Systematic Literature ReviewCommun. Assoc. Inf. Syst., 37
Mohamed Alsharnouby, Furkan Alaca, S. Chiasson (2015)
Why phishing still works: User strategies for combating phishing attacksInt. J. Hum. Comput. Stud., 82
A. Burton-Jones, E. McLean, E. Monod (2015)
Theoretical perspectives in IS research: from variance and process to conceptual latitude and conceptual fitEuropean Journal of Information Systems, 24
S. Purkait (2016)
Information Management & Computer Security Phishing counter measures and their effectiveness – literature review
American Psychologist, 47
Van Ven, H. Andrew (2007)
Engaged Scholarship: A Guide for Organizational and Social Research
W. Orlikowski (2015)
Integrated Information Environment or Matrix of Control?: The Contradictory Implications of Information Technology
Information Management & Computer Security, 20
Min Wu, Rob Miller, S. Garfinkel (2006)
Do security toolbars actually prevent phishing attacks?Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Rachna Dhamija, J. Tygar, Marti Hearst (2006)
Why phishing worksProceedings of the SIGCHI Conference on Human Factors in Computing Systems
C. DiClemente (1986)
Self-Efficacy and the Addictive BehaviorsJournal of Social and Clinical Psychology, 4
N. Davinson, Elizabeth Sillence (2010)
It won't happen to me: Promoting secure behaviour among internet usersComput. Hum. Behav., 26
N. Weinstein, Alexander Rothman, Stephen Sutton (1998)
Stage theories of health behavior: conceptual and methodological issues.Health psychology : official journal of the Division of Health Psychology, American Psychological Association, 17 3
D. Whitehead, G. Russell (2004)
How effective are health education programmes--resistance, reactance, rationality and risk? Recommendations for effective practice.International journal of nursing studies, 41 2
S. Chaiken (1987)
The heuristic model of persuasion
M. Newman, D. Robey (1992)
A Social Process Model of User-Analyst RelationshipsMIS Q., 16
M. Volkamer, K. Renaud, B. Reinheimer, Alexandra Kunz (2017)
User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOnComput. Secur., 71
N. Weinstein, P. Sandman (1992)
A model of the precaution adoption process: evidence from home radon testing.Health psychology : official journal of the Division of Health Psychology, American Psychological Association, 11 3
Steve Sheng, Mandy Holbrook, P. Kumaraguru, L. Cranor, J. Downs (2010)
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventionsProceedings of the SIGCHI Conference on Human Factors in Computing Systems
J. Prochaska, W. Velicer, C. DiClemente, J. Fava (1988)
Measuring processes of change: applications to the cessation of smoking.Journal of consulting and clinical psychology, 56 4
Brynne Harrison, Elena Svetieva, A. Vishwanath (2016)
Individual processing of phishing emails: How attention and elaboration protect against phishingOnline Inf. Rev., 40
W. Velicer, J. Prochaska, Colleen Redding (2006)
Tailored communications for smoking cessation: past successes and future directions.Drug and alcohol review, 25 1
O. Zielinska, Rucha Tembe, Kyung Hong, Xi Ge, E. Murphy-Hill, C. Mayhorn (2014)
One Phish, Two Phish, How to Avoid the Internet PhishProceedings of the Human Factors and Ergonomics Society Annual Meeting, 58
R. Dodge, C. Carver, A. Ferguson (2007)
Phishing for user security awarenessComput. Secur., 26
R. Schwarzer (2008)
Some Burning Issues in Research on Health Behavior ChangeApplied Psychology, 57
R. Petty, J. Cacioppo (1986)
The Elaboration Likelihood Model of Persuasion
N. Weinstein (1984)
Why it won't happen to me: perceptions of risk factors and susceptibility.Health psychology : official journal of the Division of Health Psychology, American Psychological Association, 3 5
P. Kumaraguru, Yong Rhee, A. Acquisti, L. Cranor, Jason Hong, Elizabeth Ferrall-Nunge (2007)
Protecting people from phishing: the design and evaluation of an embedded training email systemProceedings of the SIGCHI Conference on Human Factors in Computing Systems
P. Kumaraguru, Steve Sheng, A. Acquisti, L. Cranor, Jason Hong (2010)
Teaching Johnny not to fall for phishACM Trans. Internet Techn., 10
Ralf Schwarzer, Benicio Gutiérrez-Doña (2009)
Modelando el cambio en el comportamiento de salud: Cómo predecir y modificar la adopción y el mantenimiento de comportamientos de salud/Modeling Health Behavior Change: How to Predict and Modify the Adoption and Maintenance of Health Behaviors, 28
J. Prochaska, W. Velicer (1997)
The Transtheoretical Model of Health Behavior ChangeAmerican Journal of Health Promotion, 12
D. Turner, V. Prevelakis, A. Keromytis (2010)
A market-based bandwidth charging frameworkACM Trans. Internet Techn., 10
(2007)
The human factor in phishing
M. Jensen, Michael Dinger, Ryan Wright, J. Thatcher (2017)
Training to Mitigate Phishing Attacks Using Mindfulness TechniquesJournal of Management Information Systems, 34
J. Prochaska, C. DiClemente, J. Norcross (1992)
In Search of How People Change: Applications to Addictive BehaviorsJournal of Addictions Nursing, 5
Jingguo Wang (2016)
Overconfidence in Phishing Email DetectionJ. Assoc. Inf. Syst., 17
D. Buller, J. Burgoon (1996)
Interpersonal Deception TheoryCommunication Theory, 6
Ryan Wright, M. Jensen, J. Thatcher, Michael Dinger, Kent Marett (2014)
Research Note - Influence Techniques in Phishing Attacks: An Examination of Vulnerability and ResistanceInf. Syst. Res., 25
Gregory Moody, D. Galletta, B. Dunn (2017)
Which phish get caught? An exploratory study of individuals′ susceptibility to phishingEuropean Journal of Information Systems, 26
Tambe Ebot, Alain Claude (2017)
Explaining two forms of Internet crime from two perspectives : toward stage theories for phishing and Internet scamming
Ryan Wright, Kent Marett (2010)
The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the DeceivedJournal of Management Information Systems, 27
C. DiClemente, J. Prochaska, M. Gibertini (1985)
Self-efficacy and the stages of self-change of smokingCognitive Therapy and Research, 9
J. Prochaska, C. DiClemente (1986)
Toward a Comprehensive Model of Change
W. Velicer, J. Prochaska (2008)
Stage and Non‐stage Theories of Behavior and Behavior Change: A Comment on SchwarzerApplied Psychology, 57
J. Prochaska, W. Velicer, E. Guadagnoli, J. Rossi, C. DiClemente (1991)
Patterns of Change: Dynamic Typology Applied to Smoking Cessation.Multivariate behavioral research, 26 1
A. Vishwanath, Tejaswini Herath, Rui Chen, Jingguo Wang, H. Rao, R. Chen, J. Wang, H. Rao (2011)
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing modelDecis. Support Syst., 51
J. Prochaska, C. DiClemente, W. Velicer, J. Rossi (1993)
Standardized, individualized, interactive, and personalized self-help programs for smoking cessation.Health psychology : official journal of the Division of Health Psychology, American Psychological Association, 12 5
M. Junger, Lorena Montoya, F. Overink (2017)
Priming and warnings are not effective to prevent social engineering attacksComput. Hum. Behav., 66
M. Pattinson, C. Jerram, K. Parsons, Agata McCormac, M. Butavicius (2012)
Why Do Some People Manage Phishing Emails Better Than Others?Inf. Manag. Comput. Secur., 20
J. Prochaska, Colleen Redding, L. Harlow, J. Rossi, W. Velicer (1994)
The Transtheoretical Model of Change and HIV Prevention: A ReviewHealth Education & Behavior, 21
N. Arachchilage, S. Love, K. Beznosov (2016)
Phishing threat avoidance behaviour: An empirical investigationComput. Hum. Behav., 60
Mariam Al-Hamar, R. Dawson, Jassim Alhamar (2011)
The need for education on phishing: a survey comparison of the UK and QatarCampus-wide Information Systems, 28
J. Prochaska, C. DiClemente (1982)
Transtheoretical therapy: Toward a more integrative model of change.Psychotherapy, 19
R. Scapens, M. Jazayeri (2003)
ERP systems and management accounting change: opportunities or impacts? A research noteEuropean Accounting Review, 12
Phishing remains a major cybersecurity problem. Mainly adopting variance approaches, researchers have suggested several recommendations to help users avoid being victimized in phishing attacks. However, the evidence suggests that anti-phishing recommendations are not very effective. The purpose of this paper is threefold: first, to analyze why the existing anti-phishing recommendations may not be very effective; second, to propose stage theorizing as an additional approach for studying phishing that can contribute toward more effective recommendations; and third, to demonstrate using a stage theory, how IS researchers can utilize the concept of stages in phishing research.Design/methodology/approachThe study draws on findings from previous empirical phishing research to assess whether the reasons why people are victimized in phishing attacks can be categorized into stages. The criteria for stages of the Transtheoretical Model (TTM) are used as an example.FindingsAnalysis indicates support for the existence of stages of phishing victims. The criteria for stages of the TTM were applied to the reasons that subjects in previous studies gave for clicking on phishing links and to the anti-phishing recommendations proposed in previous studies. There was overall support for four of the five criteria of the TTM. The results from the current study indicate that a targeted approach is a better approach to proposing anti-phishing recommendations.Practical implicationsThe analysis identified the stages of phishing victims and the processes of change for each stage. It is suggested that recommendations against phishing should target individuals based on their resident stages. Moreover, the processes of change should be applied to the correct stage for the recommendations to be effective.Originality/valueFrom a phishing perspective, there is a lack of research based on stage theorizing. The current study presents stage theorizing as an additional approach to the existing approaches and demonstrates how a stage theory can be used to make more effective recommendations against phishing. The study has thrown light on the benefits of stage theorizing and how its approach to targeted recommendations can be useful in IS security research.
Information Technology and People – Emerald Publishing
Published: Sep 23, 2019
Keywords: Security; Practice; End users; Phishing; Process theory; Theoretical perspective
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.