The purpose of this paper is to test the protection motivation theory (PMT) in the context of fear appeal interventions to reduce the threat of phishing attacks. In addition, it was tested to what extent the model relations are equivalent across fear appeal conditions and across time.
A pre-test post-test design was used. In the pre-test, 1,201 internet users filled out an online survey and were presented with one of three fear appeal conditions: strong fear appeal, weak fear appeal and control condition. Arguments regarding vulnerability of phishing attacks and response efficacy of vigilant online information-sharing behaviour were manipulated in the fear appeals. In the post-test, data were collected from 786 internet users and analysed with partial least squares path modelling.
The study found that PMT model relations hold in the domain of phishing. Self-efficacy and fear were the most important predictors of protection motivation. In general, the model results were equivalent across conditions and across time.
It is important to consider online information-sharing behaviour because it facilitates the occurrence and success of phishing attacks. The results give practitioners more insight into important factors to address in the design of preventative measures to reduce the success of phishing attacks. Future research is needed to test how fear appeals work in real-world settings and over longer periods.
This paper is a substantial adaptation of a previous conference paper (Jansen and Van Schaik, 2017a, b).
This study is part of the Dutch Research Program on Safety and Security of Online Banking. This program is funded by the Dutch banking sector (represented by the Dutch Banking Association), the Police Academy and the Dutch National Police. The funders primarily took on a facilitating role in the entire research process and occasionally provided feedback on written materials, such as the questionnaire and the manuscript.
Jansen, J. and van Schaik, P. (2018), "Persuading end users to act cautiously online: a fear appeals study on phishing", Information and Computer Security, Vol. 26 No. 3, pp. 264-276. https://doi.org/10.1108/ICS-03-2018-0038Download as .RIS
Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited