Phishing is a pervasive form of online fraud that causes billions in losses annually. Spear phishing is a highly targeted and successful type of phishing that uses socially engineered emails to defraud most of its recipients. Unfortunately, anti-phishing training campaigns struggle with effectively fighting this threat—partially because users see security as a secondary priority, and partially because users are rarely motivated to undergo lengthy training. An effective training approach thus needs to be non-disruptive and brief as to avoid being onerous, and yet, needs to inspire dramatic behavioral change. This is a tremendous, unsolved challenge that we believe can be solved through a novel application of theory: Using fear appeals and protection-motivation theory (PMT), we outline how brief training can educate users and evoke protection motivation. We further invoke construal-level theory (CLT) to explain how fear appeals can stimulate threat perceptions more quickly and more powerfully. This research-in-progress study further proposes a field experiment to verify the effectiveness of our proposed training approach in an ecologically valid environment. Overall, we (1) improve training based on PMT and CLT, (2) expand PMT for guiding fear appeal design; and (3) demonstrate a full application of CLT.
Schuetz, Sebastian Walter; Lowry, Paul Benjamin; and Thatcher, Jason Bennett, "DEFENDING AGAINST SPEAR PHISHING: MOTIVATING USERS THROUGH FEAR APPEAL MANIPULATIONS" (2016). PACIS 2016 Proceedings. 74.