Abstract

PurposeThis paper aims to review the behavioral phishing literature to understand why anti-phishing recommendations are not very effective and to propose ways of making the recommendations more effective. The paper also examines how the concept of stages from health communication and psychology can be used to make recommendations against phishing more effective.Design/methodology/approachThis literature review study focused on the behavioral phishing literature that has relied on human subjects. Studies were excluded for reasons that included lacking practical recommendations and human subjects.FindingsThe study finds that phishing research does not consider where victims are residing in qualitatively different stages. Consequently, the recommendations do not often match the specific needs of different victims. This study proposes a prototype for developing stage theories of phishing victims and identifies three stages of phishing victims from analyzing the previous phishing research.Research limitations/implicationsThis study relied on published research on phishing victims. Future research can overcome this problem by interviewing phishing victims. Further, the authors’ recommendation that phishing researchers categorize phishing victims into stages and develop targeted messages is not based on direct empirical evidence. Nonetheless, evidence from cancer research and health psychology suggests that targeted messaging is efficacious and cost-effective. Thus, the impact of targeted messaging in phishing could be quite large.Practical implicationsThe study recommends categorizing individuals into stages, based on their security knowledge and online behaviors, and other similar characteristics they may possess. A stage approach will consider that individuals who at one time clicked on a phishing link because they lacked the requisite security knowledge, after receiving security training, may click on a link because they are overconfident.Originality/valueThe paper explains why proposing anti-phishing recommendations, based on a “one-size fits all” approach has not been very effective (e.g. because it simplifies why people engage in different behaviors). The proposals introduce a new approach to designing and deploying anti-phishing recommendations based on the concept of stages.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.