Phishing threat avoidance behaviour: An empirical investigation

Nalin Asanka Gamagedara Arachchilage ; Steve Love ; Konstantin Beznosov

27 February 2016

Abstract: Abstract Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. Our mobile game design aimed to enhance the users' avoidance behaviour through motivation to protect themselves against phishing threats. A think-aloud study was conducted, along with a pre- and post-test, to assess the game design framework though the developed mobile game prototype. The study results showed a significant improvement of participants' phishing avoidance behaviour in their post-test assessment. Furthermore, the study findings suggest that participants' threat perception, safeguard effectiveness, self-efficacy, perceived severity and perceived susceptibility elements positively impact threat avoidance behaviour, whereas safeguard cost had a negative impact on it.

Keyword(s): Usable security ; Security awareness ; Phishing threats ; Security education ; Mobile learning ; Game based learning

Published in: Nalin Asanka Gamagedara Arachchilage, Steve Love, Konstantin Beznosov, Phishing threat avoidance behaviour: An empirical investigation, Computers in Human Behavior, Volume 60, July 2016, Pages 185-197, ISSN 0747-5632:

The record appears in these collections:
Refereed Journal Papers
Usable Security

 Record created 2016-04-06, last modified 2016-04-06

Download fulltextPDF Download fulltextPDF (PDFA)
Rate this document:

Rate this document:
(Not yet reviewed)