Developing a measure of information seeking about phishing
Journal of Cybersecurity (IF 2.9), Pub Date: 2020-02-22, DOI: 10.1093/cybsec/tyaa001
Emma J Williams, Adam N Joinson

Abstract
Phishing e-mails are fraudulent e-mails used to gain access to sensitive information or secure computer systems. They persuade users to click on malicious links, download attachments or provide sensitive information, such as usernames or passwords. One approach that aims to reduce people’s susceptibility to phishing is the provision of information to users regarding the phishing threat and the techniques used within phishing e-mails. In line with this, awareness campaigns are often used within organizations and wider society to raise awareness of phishing and encourage people to engage with protective information. However, the potential effectiveness of such approaches in reducing susceptibility remains uncertain. In particular, there is a lack of research investigating (i) whether the propensity to access such information may in itself influence susceptibility to phishing and (ii) the different factors that motivate people to engage with information in the first place. In order to understand how current and future interventions regarding phishing may be consumed by users, as well as their potential impact on phishing susceptibility, it is important to conduct theoretically based research that provides a foundation to investigate these issues. This study provides a first step in addressing this by developing and validating a theoretically based survey measure across two studies centred upon the constructs of protection motivation theory (perceived vulnerability, severity, self-efficacy and response efficacy) to assess the factors that influence whether people choose to keep up to date with protective information about phishing. This survey measure is then used within Study 2 to provide an initial investigation of the role of these constructs in (i) self-reported user intentions to keep up to date with phishing techniques in the future and (ii) phishing discrimination ability, assessed using a phishing quiz. 
Overall, higher perceived threat severity, self-efficacy and response efficacy were associated with greater intentions, while greater perceived vulnerability was associated with lower intentions. No relationship was found with phishing discrimination ability. By understanding the factors that influence user intention to maintain knowledge and seek information about phishing threats, it will be possible to ensure that, as effective interventions are developed, their potential impact can be maximized.


Updated: 2020-02-22