How do technology use patterns influence phishing susceptibility? A two-wave study of the role of reformulated locus of control

Abstract

ABSTRACT Phishing attacks continue to be a concern for academia and practice. Practitioners ranked phishing attacks second to data breaches in a recent industry survey. For scholars, interest in understanding the factors that influence phishing susceptibility, defined as user vulnerability to phishing attacks, continues to grow. While prior research has identified either state (situational cues) or trait (technology use) factors that influence users’ response to phishing attacks, little previous research has investigated simultaneously user control of both state and trait factors on susceptibility to phishing. Additionally, the influence of users’ automatic or routine technology use, user traits, on phishing susceptibility has not been examined. We investigate the effects of users’ control of both state and trait factors on phishing susceptibility. Our results offer several interesting insights. Specifically, while routine technology use trait decreases phishing susceptibility, automatic technology use trait increases phishing susceptibility. Furthermore, while situational cues are related to phishing susceptibility, only users’ automatic technology use is related to susceptibility to phishing under message sender situational cues. Our findings provide practical insights for developing countermeasures that incorporate the level of control into training programs that target trainees with customised training aimed at preventing successful phishing attacks.