Using stage theorizing to make anti-phishing recommendations more effective

Tambe Ebot, Alain Claude

doi:10.1108/ics-06-2017-0040

dc.contributor.author	Tambe Ebot, Alain Claude
dc.date.accessioned	2018-11-22T09:32:45Z
dc.date.available	2018-11-22T09:32:45Z
dc.date.issued	2018
dc.identifier.citation	Tambe Ebot, A. C. (2018). Using stage theorizing to make anti-phishing recommendations more effective. <i>Information and Computer Security</i>, <i>26</i>(4), 401-419. <a href="https://doi.org/10.1108/ics-06-2017-0040" target="_blank">https://doi.org/10.1108/ics-06-2017-0040</a>
dc.identifier.other	CONVID_28276455
dc.identifier.other	TUTKAID_78917
dc.identifier.uri	https://jyx.jyu.fi/handle/123456789/60281
dc.description.abstract	Purpose This paper aims to review the behavioral phishing literature to understand why anti-phishing recommendations are not very effective and to propose ways of making the recommendations more effective. The paper also examines how the concept of stages from health communication and psychology can be used to make recommendations against phishing more effective. Design/methodology/approach This literature review study focused on the behavioral phishing literature that has relied on human subjects. Studies were excluded for reasons that included lacking practical recommendations and human subjects. Findings The study finds that phishing research does not consider where victims are residing in qualitatively different stages. Consequently, the recommendations do not often match the specific needs of different victims. This study proposes a prototype for developing stage theories of phishing victims and identifies three stages of phishing victims from analyzing the previous phishing research. Research limitations/implications This study relied on published research on phishing victims. Future research can overcome this problem by interviewing phishing victims. Further, the authors’ recommendation that phishing researchers categorize phishing victims into stages and develop targeted messages is not based on direct empirical evidence. Nonetheless, evidence from cancer research and health psychology suggests that targeted messaging is efficacious and cost-effective. Thus, the impact of targeted messaging in phishing could be quite large. Practical implications The study recommends categorizing individuals into stages, based on their security knowledge and online behaviors, and other similar characteristics they may possess. A stage approach will consider that individuals who at one time clicked on a phishing link because they lacked the requisite security knowledge, after receiving security training, may click on a link because they are overconfident. Originality/value The paper explains why proposing anti-phishing recommendations, based on a “one-size fits all” approach has not been very effective (e.g. because it simplifies why people engage in different behaviors). The proposals introduce a new approach to designing and deploying anti-phishing recommendations based on the concept of stages.	fi
dc.format.mimetype	application/pdf
dc.language.iso	eng
dc.publisher	Emerald Publishing Limited
dc.relation.ispartofseries	Information and Computer Security
dc.rights	In Copyright
dc.subject.other	vaiheteoriat
dc.subject.other	stage theories
dc.title	Using stage theorizing to make anti-phishing recommendations more effective
dc.type	article
dc.identifier.urn	URN:NBN:fi:jyu-201811214811
dc.contributor.laitos	Informaatioteknologian tiedekunta	fi
dc.contributor.laitos	Faculty of Information Technology	en
dc.type.uri	http://purl.org/eprint/type/JournalArticle
dc.date.updated	2018-11-21T13:15:09Z
dc.type.coar	http://purl.org/coar/resource_type/c_dcae04bc
dc.description.reviewstatus	peerReviewed
dc.format.pagerange	401-419
dc.relation.issn	2056-4961
dc.relation.numberinseries	4
dc.relation.volume	26
dc.type.version	acceptedVersion
dc.rights.copyright	© Emerald Publishing Limited 2018
dc.rights.accesslevel	openAccess	fi
dc.subject.yso	verkkourkinta
dc.subject.yso	uhrit
dc.subject.yso	kohdeviestintä
dc.format.content	fulltext
jyx.subject.uri	http://www.yso.fi/onto/yso/p27723
jyx.subject.uri	http://www.yso.fi/onto/yso/p16056
jyx.subject.uri	http://www.yso.fi/onto/yso/p8550
dc.rights.url	http://rightsstatements.org/page/InC/1.0/?language=en
dc.relation.doi	10.1108/ics-06-2017-0040
dc.type.okm	A2

Aineistoon kuuluvat tiedostot

Nimi:: ebotics0620170040.pdf
Koko:: 15.03Mb
Tiedostomuoto:: PDF
Kuvaus:: Final Draft

Katso/Avaa

Aineisto kuuluu seuraaviin kokoelmiin

Informaatioteknologian tiedekunta [2127]

Näytä suppeat kuvailutiedot

Using stage theorizing to make anti-phishing recommendations more effective

Aineistoon kuuluvat tiedostot

Aineisto kuuluu seuraaviin kokoelmiin

Samankaltainen aineisto

Explaining two forms of Internet crime from two perspectives : toward stage theories for phishing and Internet scamming ﻿

Toward a stage theory of adaptive social media use : explaining change in facebook use ﻿

The success of communication in the Adventures of Joe Fin campaign : self-evaluated effects on health behaviour ﻿

Theorizing expectations as enablers of intangible assets in public relations : normative, predictive, and destructive ﻿

Theories of Context, Theorizing Context ﻿

Explaining two forms of Internet crime from two perspectives : toward stage theories for phishing and Internet scamming

Toward a stage theory of adaptive social media use : explaining change in facebook use

The success of communication in the Adventures of Joe Fin campaign : self-evaluated effects on health behaviour

Theorizing expectations as enablers of intangible assets in public relations : normative, predictive, and destructive

Theories of Context, Theorizing Context