Phishing threat avoidance behaviour: An empirical investigation

Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype...

Full description

Saved in:
Bibliographic Details
Published in:Computers in human behavior 2016-07, Vol.60, p.185-197
Main Authors: Arachchilage, Nalin Asanka Gamagedara, Love, Steve, Beznosov, Konstantin
Format: Article
Language:English
Subjects:
Avoidance
Design analysis
Education
Game based learning
Games
Human behavior
Mobile learning
Perception
Phishing
Phishing threats
Prototypes
Security awareness
Security education
Usable security
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Phishing is an online identity theft that aims to steal sensitive information such as username, password and online banking details from its victims. Phishing education needs to be considered as a means to combat this threat. This paper reports on a design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. Our mobile game design aimed to enhance the users' avoidance behaviour through motivation to protect themselves against phishing threats. A think-aloud study was conducted, along with a pre- and post-test, to assess the game design framework though the developed mobile game prototype. The study results showed a significant improvement of participants' phishing avoidance behaviour in their post-test assessment. Furthermore, the study findings suggest that participants' threat perception, safeguard effectiveness, self-efficacy, perceived severity and perceived susceptibility elements positively impact threat avoidance behaviour, whereas safeguard cost had a negative impact on it. •We developed a mobile game prototype to thwart phishing attacks.•Investigated what key elements should be addressed in the game.•The elements derived from a game design framework were incorporated.•Empirically investigated users' phishing threat avoidance behaviour.
ISSN:0747-5632
1873-7692
DOI:10.1016/j.chb.2016.02.065