Why don't people report phishing emails? Finding the reasons, improving motivations, and securing cyberspac

Posted on:2018-11-12

Degree:Ph.D

Type:Dissertation

University:State University of New York at Buffalo

Candidate:Kwak, Youngsun

Full Text:PDF

GTID:1478390020453456

Subject:Communication

Abstract/Summary:

Antiphishing training efforts are effective to the extent to which individuals are able to correctly identify phishing emails. Even for individuals with advanced knowledge in cyber security, however, it is hardly possible that individuals detect all types of phishing emails. Failure of detecting phishing emails can result in falling for phishing attacks. In this daunting situation, a plain reporting phishing emails can bring about a breakthrough into antiphishing efforts. However, the reporting rate of phishing emails is so far very low, and has been little studied in the social sciences. The current study aims to uncover motivational processes of engaging in reporting phishing emails using the Social Cognitive Theory with two antecedents---awareness of reporting phishing emails and cyber risk beliefs. Three models are examined, which are the social cognitive model of intent to report phishing emails as a baseline model, the baseline model with awareness of reporting phishing emails, and the baseline model with cyber risk beliefs, are tested individually using structural equation analysis of data from 386 college students at a large northeastern university in the United States. Interestingly enough, the concerted efforts of examining the three models reveal that intent to report phishing emails is driven by a proactive approach to cyber security which involves causal relationships among perceived antiphishing self-efficacy, concern for mishandling of reports, and self-reaction of meticulous attention to cyber security behaviors, which also indicate a doubtful mode of cognition and action. The similar results are found in the tests for the second and third model. In addition, the second model uncovers that awareness of reporting phishing emails has the strongest direct effect on intent to report phishing emails; the third model reemphasizes that intent to report phishing emails is driven by a doubtful mode of cognition and action. An unexpected finding reveals that a motivational process of intent not to report phishing emails is driven by a causal path among perceived antiphishing self-efficacy, positive intangible outcomes, and compliance with cyber security behavioral tips, which is called an avoidance/passive approach to cyber security. Implications for future research on the behavior of reporting phishing emails are discussed.

Keywords/Search Tags:

Phishing emails, Cyber security, Cyber risk beliefs

Related items

1	On The Research Of Data And Model-driven Dynamic Cyber-security Protection For Industrial Cyber-physical Systems
2	Interdependent risk and cyber security: An analysis of security investment and cyber insurance
3	Risk Analysis Of Power System Cyber Attack And Digital Watermark Based Cyber Security Defense
4	Research On Risk Management Of Cyber Security Project
5	Cyber Security Insurance And An Empirical Study On Influencing Factors Of Cyber Security Risk Perception
6	Research On Security Control Methods Of Cyber-Phyiscal System Under Cyber-attack
7	Research On Risk Assessment Of Industrial Cyber-Physical System Under Cyber-Attacks
8	Research And Implementation On Detecting Phishing Emails
9	Research On Cyber Security Management Analysis And Improvement Of A Company
10	The Analysis Of The U.S. Cyber Security Strategy Impact On China Cyber Security