The design and evaluation of a theory-based intervention to promote security behaviour against phishing

Abstract

Abstract This study examined the impact of fear appeal messages on user cognitions, attitudes, behavioural attentions and precautionary behaviour regarding online information-sharing to protect against the threat of phishing attacks. A pre-test post-test design was used in which 768 Internet users filled out an online questionnaire. Participants were grouped in one of three fear appeal conditions: strong-fear appeal, weak-fear appeal and control condition. Claims regarding vulnerability of phishing attacks and claims concerning response efficacy of protective online information-sharing behaviour were manipulated in the fear appeal messages. The study demonstrates positive effects of fear appeals on heightening end-users’ cognitions, attitudes and behavioural intentions. However, future studies are needed to determine how subsequent security behaviour can be promoted, as the effects on this crucial aspect were not directly observed. Nonetheless, we conclude that fear appeals have great potential to promote security behaviour by making end users aware of threats and simultaneously providing behavioural advice on how to mitigate these threats.