Open Access
Subscription Access
Mobile Device Users’ Susceptibility To Phishing Attacks
The mobile device is one of the fasted growing technologies that is widely used in a diversifying sector. Mobile devices are used for everyday life, such as personal information exchange – chatting, email, shopping, and mobile banking, contributing to information security threats. Users' behavior can influence information security threats. More research is needed to understand users' threat avoidance behavior and motivation. Using Technology threat avoidance theory (TTAT), this study assessed factors that influenced mobile device users' threat avoidance motivations and behaviors as it relates to phishing attacks. From the data collected from 137 mobile device users using a questionnaire, the findings indicate that (1) mobile device users' perceived susceptibility and severity of phishing attacks have a significant correlation with a users' perception of the threat; (2) mobile device users' motivation to avoid a threat is correlated to a users' behavior in avoiding threat; and (3) a mobile device user's susceptibility to phishing attacks can be reduced by their perception of the threat. These findings reveal that a user's perception of threat increases if they perceive that the consequence of such threat to their mobile devices will be severe, thereby increasing a user's motivation and behavior to avoid phishing attack threats. This study is beneficial to mobile device users in personal and organizational settings.
Keywords
Phishing Attacks, Security Behavior, Technology Threat Avoidance, Avoidance Motivation, Mobile device users’ security behaviour.
User
Font Size
Information
- Chin, A. G., Etudo, U., & Harris, M. A. (2016). On mobile device security practices and training efficacy: an empirical study. Informatics in Education-An International Journal, 15, 235-252. doi:10.15388/infedu.2016.12
- Hewitt, B., Dolezel, D., & McLeod, A. (2017). Mobile device security: perspectives of future healthcare workers. Perspective in Health Information Management, 1-14.
- Vishwanath, A. (2016). Mobile device affordance: Explicating how smartphones influence the outcome of phishing attacks. Computers in Human Behavior, 63, 198-207.
- Shende, A., & Saveetha, D. (2016). Protection against phishing in mobile phones. International Journal of Computer Science and Information, 14, 228-233.
- Mouton, F., Malan, M., Kimpaa, K., & Venter, H. S. (2015). Necessity for ethics in social engineering research. Computers & Security, 55, 114-127.
- Purkait, S. (2012). Phishing counter measures and their effectiveness - literature review. Information Management & Computer Security, 20, 382-420.
- Liao, Q., & Li, Z. (2014). Portfolio optimization of computer and mobile botnets. Internal Journal Information Security, 13(1), 1-14.
- Vishwanath, A., Herath, T., Chen, R., Wang, J., & Rao, H. (2011). Why do people get phished? Testing individual differences in phishing vulnerabilities within an integrated, information processing model. Decision Support Systems, 51, 576-586.
- Greavu-Serban, V., & Serban, O. (2014). Social engineering a general approach. Informatica Economica, 18(2), 5-14.
- Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11, 394–413.
- Arachchilage, N. A. G., Love, S., & Beznosov, K. (2016). Phishing threat avoidance behaviour: An empirical investigation. Computers in Human Behavior, 60, 185-197.
- Malisa, L., Kostiainen, K., & Capkun, S. (2017). Technical report: Detecting mobile application spoofing attacks by leveraging user visual similarity perception. In Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, 289-300.
- Jeske, D., Briggs, P., & Coventry, L. (2016). Exploring the relationship between impulsivity and decision-making on mobile devices. Personal and Ubiquitous Computing, 20, 545-557.
- La Polla, M., Martinelli, F., & Sgandurra, D. (2013). A survey on security for mobile devices. IEEE Communications Surveys & Tutorials, 15(1), 446-471.
- Foozy, C., Ahmad, R., & Abdollah, M. (2013). Phishing detection taxonomy for mobile device. International Journal of Computer Science, 10(1), 338-344.
- Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 2214-2126.
- Jansson, K., & von Solms, R. (2013). Phishing for phishing awareness. Behaviour & Information Technology, 32, 584-593.
- Luga, C., Nurse, J., & Erola, A. (2016). Baiting the hook: factors impacting susceptibility to phishing attacks. Human-centric Computing and Information Sciences, 6(8), 1-20.
- Williams, E., Beardmore, A., & Joinson, A. (2017). Individual differences in susceptibility to online influence: A theoretical review. Computers in Human Behavior, 72, 412-421.
- Belanger, F., Collingnon, S., Enget, K., & Negangard, E. (2017). Determinants of early conformance with information security policies. Information & Management, 54, 887-901.
- Sommestad, T., Karlzen, H., & Hallberg, J. (2015). The sufficiency of the theory of planned behavior for explaining information security policy compliance. Information & Computer Security, 23, 200217.
- Tsai, H. Y. S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N. J., & Cotten, S. R. (2016). Understanding online safety behaviors: A protection motivation theory perspective. Computers & Security, 59, 138-150.
- Lai, F., Li, D., & Hsieh, C. T. (2012). Fighting identity theft: The coping perspective. Decision Support Systems, 52, 353-363.
- Chen, Y., & Zahedi, F. M. (2016). Individuals’ internet security perceptions and behaviors: Polycontextual contrast between the United States and China. MIS Quarterly, 40(1), 205-222.
- Dang-Pham, D., & Pittayachawan, S. (2015). Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: A protection motivation theory approach. Computers & Security, 48, 281-297.
- Cheon, J., Lee, S., Crooks, S., & Song, J. (2012). An investigation of mobile learning readiness in higher education based on the theory of planned behavior. Computer & Education, 59, 1054-1064.
- Kautonen, T., Gelderen, M., & Fink, M. (2015). Robustness of the theory of planned behavior in predicting entrepreneurial intentions and actions. Entrepreneurship Theory and Practice, 655-647.
- Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33(1), 71–90.
- Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304-312.
- Alsaleh, M., Alomar, N., & Alarifi, A. (2017). Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods. PLOS ONE, 12(3), 1-35.
- Arachchilage, N. A. G. (2015). User-centred security education: A game design to thwart phishing attacks. 1-3.
- Young, D., Carpenter, D., & McLeod, A. (2016). Malware Avoidance Motivations and Behaviors: A Technology Threat Avoidance Replication. AIS Transactions on Replication Research, 2(1), 1-17.
- Lastdrager, E. E. (2014). Achieving a consensual definition of phishing based on a systematic review of the literature. Crime Science, 3(1), 1-10.
- Leukfeldt, E. R. (2014). Phishing for suitable targets in the Netherlands: routine activity theory and phishing victimization. Cyberpsychology, Behavior & Social Networking, 17, 551-555.
- Spanos, G., & Angelis, L. (2016). The impact of information security events to the stock market: A systematic literature review. Computers & Security, 58, 216-229.
- Harris, M. A., Furnell, S., & Patten, K. (2014). Comparing the mobile device security behavior of college students and information technology professionals. Journal of Information Privacy and Security, 10, 186-202.
- Wessel, S., Huber, M., Stumpf, F., & Eckert, C. (2015). Improving mobile device security with operating system-level virtualization. Computer & Security, 52, 207-220.
- Crossler, R., & Belanger, F. (2017). The mobile privacy-security knowledge gap model: Understanding behaviors. In Proceedings of the 50th Hawaii International Conference on System Sciences. 4071-4080.
- Lee, W. H., & Lee, R. B. (2015). Multi-sensor authentication to improve smartphone security. International Conference on Information Systems Security and Privacy, 1-11.
- Crawford, H., & Renaud, K. (2014). Understanding user perceptions of transparent authentication on a mobile device. Journal of Trust Management, 1(7), 1-29.
- Park, M., Choi, Y., Eom, J., & Chung, T. (2014). Dangerous Wi-Fi- access point: attacks to benign smartphone applications. Personal and Ubiquitous Computing, 18, 1373-1386.
- Kourouthanassis, P. E., & Giaglis, G. M. (2012). Introduction to the special issue mobile commerce: The past, present, and future of mobile commerce research. International Journal of Electronic Commerce, 16(4), 5-18.
- Wang, P., Gonzalez, M. C., Menezes, R., & Barabasi, A. (2013). Understanding the spread of malicious mobile-phone programs and their damage potential. International Journal of Information Security, 12, 383-392.
- Fernandes, D. A., Soares, L. F., Gomes, J. V., Freire, M., & Inacio, P. R. (2014). Security issues in cloud environments: A survey. International Journal of Information Security, 13, 113-170.
- Seo, S. H., Gupta, A., Sallam, A. M., Bertino, E., & Yim, K. (2014). Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38, 43-53.
- Narain Singh, A., Gupta, M. P., & Ojha, A. (2014). Identifying factors of “organizational information security management”. Journal of Enterprise Information Management, 27, 644-667..
- Brody, R., Mulig, E., & Kimball, V. (2007). Phishing, pharming and identity theft. Academy of Accounting and Financial Studies Journal, 11(3), 43-55.
- Singleton, T. (2005). Don't get “hooked” by phishing scams. Journal of Corporate Accounting & Finance, 16(5), 21-28.
- Smedinghoff, T. J. (2005). Phishing: The legal challenges for business. Banking & Financial Services Policy Report, 24(4), 2-5.
- Aleroud, A., & Zhou, L. (2017). Phishing environments, techniques, and countermeasures: A survey. Computers & Security, 68, 160-196.
- Hutchings, A., & Hayes, H. (2008). Routine activity theory and phishing victimisation: Who gets caught in the net. Current Issues Criminal Justice, 20, 433.
- Oppliger, R., & Gajek, S. (2005). Effective protection against phishing and web spoofing. Communications and Multimedia Security, 3677, 32-41.
- Weaver, N., Paxson, V., Staniford, S., & Cunningham, R. (2003). A taxonomy of computer worms. In Proceedings of the 2003 ACM workshop on Rapid malcode, 11-18.
- Bullee, J. H., Montoya, L., Pieters, W., Junger, M., & Hartel, P. H. (2015). The persuasion and security awareness experiment: Reducing the success of social engineering attacks. Journal of Experimental Criminology, 11(1), 97-115.
- Shields, J., Gibson, C., & Smith, D. (2013). Building and sustaining effective individual computer security practices in the workplace and in personal computing. International Journal of Academic Research, 5, 284-291.
- Ng, B. Y., Kankanhalli, A., & Xu, Y. C. (2009). Studying users’ computer security behavior: A health belief perspective. Decision Support Systems, 46, 815-825..
- Imgraben, J., Engelbrecht, A., & Choo, K. R. (2014). Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behaviour & Information Technology, 33, 1347-1360.
- Faul, F., Erdfelder, E., Buchner, A., & Lang, A. (2009). Statistical power analyses using G*Power 3.1: Tests for correlation and regression analyses. Behavioral Research Methods, 41, 1149-1160.
- Sarmah, H., & Hazarika, B. (2012). Determination of reliability and validity measures of a questionnaire. Indian Journal of Education and Information Management, 1, 508-517.
- Golafshani, N. (2003). Understanding reliability and validity in qualitative research. The Qualitative Report, 8, 597-606.
- Sagarin, B., Ambler, J., & Lee, E. (2014). An ethical approach to peeking at data. Perspectives on Psychological Science, 9, 293-304.
- Scheau, M. C., Arsene, A., & Dinca, G. (2016). Phishing and e-commerce: An information security management problem. Journal of Defense Resources Management, 7(1), 129-140.
- Louk, M., Lim, H., & Lee, H. (2014). An analysis of security system for intrusion in smartphone environment. The Science World Journal, 2014, 1-12.
- Chen, Y., Ramamurthy, K., & Wen, K. (2015). Impacts of comprehensive information security programs on information security culture. The Journal of Computer Information Systems, 55(3), 11-19.
- Chen, T. C., Stepan, T., Dick, S., & Miller, J. (2014). An anti-phishing system employing diffused information. ACM Transactions on Information and System Security, 16(4), 1-31.
- Kirlappos, L., & Sasse, A. (2012). Security education against phishing: a modest proposal for a major rethink. IEEE Security and Privacy Magazine, 10(2), 24-32.
Abstract Views: 320
PDF Views: 144