Cyber-attack and privacy threats are very common on the Internet. Mainstream browsers like Google Chrome, Safari, and Firefox provide different types of warning systems when users are at risk of facing cyber security threats. Users are expected to assess cybersecurity risks and make rational decisions when they are conducting online transactions, accessing URLs, and downloading files from the Internet. However, as the “weakest link in the security chain” (Sasse et al., p. 122), people sometimes fail to detect threats. Previous research has explored the effectiveness of physical and structural cues and miscues (Darwish and Bataineh, 2012; Smith et al., 2016). They focused on Internet users’ ability to notice and interpret cues and miscues which are embedded in webpages or emails. Researchers have also looked at the impact of human factors on users’ ability to recognize fraudulent messages. They found that gender differences, human cognitive limitations, and individual differences affect our susceptibility to phishing and cyber-attacks (Dhamija et al., 2006; Downs et al., 2006). Although awareness and vigilance of cyber threats among Internet users has increased, hackers and phishers have become more sophisticated and are able better able to fabricate content. As a result, some phishing websites can easily evade filters (Dong et al., 2010). Phishers and hackers also exploit users’ susceptibility to deception by providing incentives such as monetary gains or rewards. Wright et al. (2014) found that phishers framed their phishing messages as gains or benefits to induce users’ vigilance. However, few studies have taken risks into consideration in examining how Internet users make trade-off decisions between the offered rewards and the risks involved. Therefore, this research is expected to fill an important gap in the literature by quantifying users’ perceived risks of cyber security threats.