Defending Against Spear-Phishing: Motivating Users Through Fear Appeal Manipulations

20th Pacific Asia Conference on Information Systems (PACIS 2016), Chiayi, Taiwan, June 27–July 1

12 Pages. Posted: 31 Oct 2016


Sebastian Schuetz

City University of Hong Kong (CityU) - Department of Information Systems

Paul Benjamin Lowry

Virginia Tech - Pamplin College of Business

Jason Thatcher

affiliation not provided to SSRN

Date Written: June 27, 2016

Abstract

Phishing is a pervasive and growing form of online fraud that causes billions in losses annually. Spear-phishing is a highly targeted and successful type of phishing that uses social engineering to craft emails that appear genuine. Multiple studies have consistently reported that more than 70 percent of participants fell for such sophisticated spear-phishing attacks. Unfortunately, anti-phishing training campaigns struggle to effectively educate users on how to detect such spear-phishing emails — partially because security is seen as a secondary task outside their normal work, and partially because users are rarely motivated to undergo lengthy training. An effective training approach thus needs to be non-disruptive and brief so as to avoid being onerous, and yet needs to inspire dramatic behavioral change. This is a tremendous, unsolved challenge that we believe can be solved through a novel application of theory. Namely, we turn to fear appeals and protection-motivation theory (PMT) to explain how brief training — delivered in the form of a fear appeal — can educate users and evoke protection motivation. As training has to be brief and effective, we further integrate construal-level theory (CLT) to explain how fear appeals can quickly and powerfully evoke mental representations (construals) that effectively stimulate threat perceptions. We plan to conduct a field experiment to test our hypotheses and verify the effectiveness of our proposed training measures in an ecologically valid environment. Our contributions encompass: (1) providing effective and brief anti-phishing training based on fear appeals and PMT; (2) expanding PMT with CLT to guide fear appeal design; (3) demonstrating a full application of CLT.

Keywords: Security, Spear-phishing, Training, Fear Appeals, Protection Motivation Theory, Construal Level Theory

Suggested Citation

Schuetz, Sebastian and Lowry, Paul Benjamin and Thatcher, Jason, Defending Against Spear-Phishing: Motivating Users Through Fear Appeal Manipulations (June 27, 2016). 20th Pacific Asia Conference on Information Systems (PACIS 2016), Chiayi, Taiwan, June 27–July 1, Available at SSRN: https://ssrn.com/abstract=2861410

Sebastian Schuetz

City University of Hong Kong (CityU) - Department of Information Systems

83 Tat Chee Avenue
Kowloon
Hong Kong

Paul Benjamin Lowry (Contact Author)

Virginia Tech - Pamplin College of Business

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Jason Thatcher

affiliation not provided to SSRN
