Help
Cart
Skip main navigation

Available Issues

April 10, 2013 - April 2, 2026

Available Issues

April 10, 2013 - April 2, 2026

Coping Responses in Phishing Detection: An Investigation of Antecedents and Consequences

Published Online:17 Apr 2017https://doi.org/10.1287/isre.2016.0680

References

  • Albrechtsen JS, Meissner CA, Susa KJ (2009) Can intuition improve deception detection performance? J. Experiment. Soc. Psych. 45(4):1052–1055.CrossrefGoogle Scholar
  • Anandarajan M, Paravastu N, Arinze B, D’Ovdio R (2012) Online identity theft: A longitudinal study of individual threat-response and coping behaviors. J. Inform. System Security 8(2): 43–69.Google Scholar
  • Anandpara V, Dingman A, Jakobsson M, Liu D (2007) Phishing IQ tests measure fear, not ability. Dietrich S, Dhamija R, eds. Proc. 11th Internat. Conf. Financial Cryptography and 1st Internat. Conf. Usable Security (Springer-Verlag, Berlin Heidelberg), 362–366.CrossrefGoogle Scholar
  • Anderson CL, Agarwal R (2010) Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quart. 34(3):613–643.CrossrefGoogle Scholar
  • APWG (2010) Consumer advice: How to avoid phishing scams. Anti-Phishing Working Group. http://www.antiphishing.org/resources/overview/avoid-phishing-scams.Google Scholar
  • APWG (2014) Phishing activity trends report, 1st Quarter 2014. https://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf.Google Scholar
  • Arkers HR (1991) Costs and benefits of judgment errors: Implications for debiasing. Psych. Bull. 110(3):486–498.CrossrefGoogle Scholar
  • Bandura A (1982) Self-efficacy mechanism in human agency. Amer. Psych. 37(2):122–147.CrossrefGoogle Scholar
  • Beaudry A, Pinsonneault A (2010) The other side of acceptance: Studying the direct and indirect effects of emotions on information technology use. MIS Quart. 34(4):689–710.CrossrefGoogle Scholar
  • Bettman JJ, Johnson EJ, Payne JW (1990) A componential analysis of cognitive effort in choice. Organ. Behav. Human Decision Processes 45(1):111–139.CrossrefGoogle Scholar
  • Boss SR, Galletta DF, Lowry PB, Moody GD, Polak P (2015) What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quart. 39(4):837–864.CrossrefGoogle Scholar
  • Caputo DD, Pfleeger SL, Freeman JD, Johnson ME (2014) Going spear phishing: Exploring embedded training and awareness. IEEE Security Privacy 12(1):2–12.CrossrefGoogle Scholar
  • Champion VL, Skinner CS, Menon U (2004) A breast cancer fear scale: psychometric development. J. Health Psych. 9(6):753–762.CrossrefGoogle Scholar
  • Chen R, Wang J, Herath T, Rao HR (2011) An investigation of email processing from a risky decision making perspective. Decision Support Systems 52(1):73–81.CrossrefGoogle Scholar
  • Churchill GA Jr (1979) A paradigm for developing better measures of marketing constructs. J. Marketing Res. 16(1):64–73.CrossrefGoogle Scholar
  • Compeau DR, Higgins CA (1995) Computer self-efficacy: Development of a measure and initial test. MIS Quart. 19(2):189–211.CrossrefGoogle Scholar
  • Cranor LF (2008) A framework for reasoning about the human in the loop. Churchill E, Dhamija R, eds. Proc. 1st Conf. Usability, Psych., Security (USENIX Association, Berkeley, CA).Google Scholar
  • Crossler RE, Johnston AC, Lowry PB, Hu Q, Warkentin M, Baskerville R (2013) Future directions for behavioral information security research. Comput. Security 32(1):90–101.CrossrefGoogle Scholar
  • Dhamija R, Tygar JD, Hearst M (2006) Why phishing works. Grinter R, Rodden T, Aoki P, Cutrell E, Jeffries R, Olson G, eds. SIGCHI Conf. (ACM, New York), 581–590.CrossrefGoogle Scholar
  • Dodge RC Jr, Carver C, Ferguson AJ (2007) Phishing for user security awareness. Comput. Security 26(1):73–80.CrossrefGoogle Scholar
  • Downs JS, Holbrook MB, Cranor LF (2006) Decision strategies and susceptibility to phishing. Cranor LF, ed. Proc. Second Sympos. Usable Privacy Security (ACM, New York), 79–90.CrossrefGoogle Scholar
  • Downs JS, Holbrook M, Cranor LF (2007) Behavioral response to phishing risk. Proc. Anti-Phishing Working Groups 2007 eCrime Researchers Summit, Pittsburgh, 37–44.CrossrefGoogle Scholar
  • El-Din RS, Cairns P, Clark J (2014) Mobile users’ strategies for managing phishing attacks. J. Management Strategy 5(2):70–81.CrossrefGoogle Scholar
  • Endler NS, Parker JDA (1990) Multidimensional assessment of coping: A critical evaluation. J. Personality Soc. Psych. 58(5):844–854.CrossrefGoogle Scholar
  • Floyd DL, Prentice-Dunn S, Rogers RW (2000) A meta-analysis of research on protection motivation theory. J. Appl. Soc. Psych. 30(2):407–429.CrossrefGoogle Scholar
  • Fornell C, Larcker DF (1981) Evaluating structural equation models with unobservable variables and measurement error. J. Marketing Res. 18(1):39–50.CrossrefGoogle Scholar
  • Furnell S (2007) Phishing: Can we spot the signs? Comput. Fraud Security 2007(3):10–15.CrossrefGoogle Scholar
  • Garbarino EC, Edell JA (1997) Cognitive effort, affect, and choice. J. Consumer Res. 24(2):147–158.CrossrefGoogle Scholar
  • Gefen D, Rigdon EE, Straub D (2011) An update and extension to SEM guidelines for administrative and social science research. MIS Quart. 35(2):iii–xiv.CrossrefGoogle Scholar
  • Gupta S, Kumaraguru P (2014) Emerging phishing trends and effectiveness of the anti-phishing landing page. https://arxiv.org/pdf/1406.3682.Google Scholar
  • Hann IH, Hui KL, Lee SYT, Png IPL (2007) Overcoming online information privacy concerns: An information-processing theory approach. J. Management Inform. Systems 24(2):13–42.CrossrefGoogle Scholar
  • Hee S, Levine T (2010) A probability model of accuracy in deception detection experiments. Comm. Monographs 68(2):201–210.Google Scholar
  • Herath T, Chen R, Wang J, Banjara K, Wilbur J, Rao HR (2012) Security services as coping mechanisms: An investigation into user intention to adopt an email authentication service. Inform. Systems J. 24(1):61–84.CrossrefGoogle Scholar
  • Hong J (2012) The state of phishing attacks. Comm. ACM 55(1):74–81.CrossrefGoogle Scholar
  • Jagatic TN, Johnson NA, Jakobsson M, Menczer F (2007) Social phishing. Comm. ACM 50(10):94–100.CrossrefGoogle Scholar
  • Jakobsson M, Myers S, eds. (2006) Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft (Wiley, Hoboken, NJ).CrossrefGoogle Scholar
  • Johnson EJ, Payne JW (1985) Effort and accuracy in choice. Management Sci. 31(4):395–414.LinkGoogle Scholar
  • Johnston AC, Warkentin M (2010) Fear appeals and information security behaviors: An empirical study. MIS Quart. 34(3):549–566.CrossrefGoogle Scholar
  • Johnston AC, Warkentin M, Siponen M (2015) An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quart. 39(1):113–134.CrossrefGoogle Scholar
  • Kumaraguru P (2009) PhishGuru: A system for educating users about semantic attacks. Doctoral dissertation, Carnegie Mellon University, Pittsburgh.Google Scholar
  • Kumaraguru P, Sheng S, Acquisti A (2008) Lessons from a real world evaluation of anti-phishing training. Proc. Anti-Phishing Working Groups 2008 eCrime Researchers Summit, Atlanta.CrossrefGoogle Scholar
  • Kumaraguru P, Sheng S, Acquisti A, Cranor LF, Hong J (2010) Teaching Johnny not to fall for phish. ACM Trans. Internet Tech. 10(2): 1–31.CrossrefGoogle Scholar
  • Lai F, Li D, Hsieh C-T (2012) Fighting identity theft: The coping perspective. Decision Support Systems 52(2):353–363.CrossrefGoogle Scholar
  • Lazarus RS, Folkman S (1984) Stress, Appraisal, and Coping (Springer, New York).Google Scholar
  • Lee KJ, Song IY (2007) Investigating information structure of phishing emails based on persuasive communication perspective. J. Digital Forensics, Security Law 2(3):29–44.Google Scholar
  • Lerner JS, Tetlock PE (2003) Bridging individual, interpersonal, and institutional approaches to judgment and decision making: The impact of accountability on cognitive bias. Schneider SL, Shanteau J, eds. Emerging Perspectives on Judgment and Decision Research (Cambridge University Press, New York), 431–457.CrossrefGoogle Scholar
  • Levine TR, ed. (2014) Encyclopedia of Deception (Sage, Thousand Oaks, CA).CrossrefGoogle Scholar
  • Levine TR, Kim RK, Park HS, Hughes M (2006) Deception detection accuracy is a predictable linear function of message veracity base-rate: A formal test of Park and Levine’s probability model. Comm. Monographs 73(3):243–260.CrossrefGoogle Scholar
  • Liang H, Xue Y (2009) Avoidance of information technology threats: A theoretical perspective. MIS Quart. 33(1):71–90.CrossrefGoogle Scholar
  • Liang H, Xue Y (2010) Understanding security behaviors in personal computer usage: A threat avoidance perspective. J. Assoc. Inform. Systems 11(7):394–413.Google Scholar
  • Liu G, Xiang G, Pendleton BA, Hong JI, Liu W (2011) Smartening the crowds: Computational techniques for improving human verification to fight phishing scams. Cranor LF, ed. Proc. 7th Sympos. Usable Privacy Security (ACM, New York), Article 8.CrossrefGoogle Scholar
  • Luo XR, Zhang W, Burd S, Seazzu A (2013) Investigating phishing victimization with the heuristic-systematic model: A theoretical framework and an exploration. Comput. Security 38(1):28–38.CrossrefGoogle Scholar
  • MacKinnon DP, Warsi G, Dwyer JH (1995) A simulation study of mediated effect measures. Multivariate Behav. Res. 30(1):41–62.CrossrefGoogle Scholar
  • Masip J, Alonso H, Garrido E, Anton C (2005) Generalized communicative suspicion (GCS) among police officers: Accounting for the investigator bias effect. J. Appl. Soc. Psych. 35(5):1046–1066.CrossrefGoogle Scholar
  • Matthews G, Campbell SE (1998) Task-induced stress and individual differences in coping. Proc. Human Factors Ergonomics Soc. 42nd Annual Meeting, Vol. 42(11) (Sage, Thousand Oaks, CA), 821–825.CrossrefGoogle Scholar
  • Matthews G, Hillyard EJ, Campbell SE (1999) Metacognition and maladaptive coping as components of test anxiety. Clinical Psych. Psychotherapy 6(2):111–125.CrossrefGoogle Scholar
  • Matthews G, Zeidner M, Roberts RD (2007) Emotional Intelligence: Science and Myth (MIT Press, Cambridge, MA).Google Scholar
  • Matthews G, Warm JS, Reinerman LE, Langheim LK, Saxby DJ (2010) Task engagement, attention, and executive control. Gruszka A, Matthews G, Szymura B, eds. Handbook of Individual Differences in Cognition: Attention, Memory, and Executive Control (Springer, New York), 205–230.CrossrefGoogle Scholar
  • Matthews G, Emo AK, Funke G, Zeidner M, Roberts RD, Costa PTJ, Schulze R (2006) Emotional intelligence, personality, and task-induced stress. J. Experiment. Psych.: Appl. 12(2):96–107.CrossrefGoogle Scholar
  • Matthews G, Campbell SE, Falconer S, Joyner LA, Huggins J, Gilliland K, Grier R, Warm JS (2002) Fundamental dimensions of subjective state in performance settings: Task engagement, distress, and worry. Emotion 2(4):315–340.CrossrefGoogle Scholar
  • Microsoft (2010) How to recognize phishing e-mails or links. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx.Google Scholar
  • Mohebzada JG, Zarka AE, Bhojani AH, Darwish A (2012) Phishing in a university community: Two large scale phishing experiments. 2012 Internat. Conf. Innovations Inform. Tech., Abu Dhabi, Al-Ain, UAE, 249–254.CrossrefGoogle Scholar
  • Moody G, Galletta DF, Walker J, Dunn BK (2011) Which phish get caught? An exploratory study of individual susceptibility to phishing. Internat. Conf. Inform. Systems.Google Scholar
  • Nunally JC (1978) Psychometric Theory (McGraw-Hill, New York).Google Scholar
  • Pattinson M, Jerram C, Parsons K, McCormac A, Butavicius M (2012) Why do some people manage phishing e-mails better than others? Inform. Management Comput. Security 20(1):18–28.CrossrefGoogle Scholar
  • Payne JW (1982) Contingent decision behavior. Psych. Bull. 92(2): 382–402.CrossrefGoogle Scholar
  • Petter S, Straub D, Rai A (2007) Specifying formative constructs in information systems research. MIS Quart. 31(4):623–656.CrossrefGoogle Scholar
  • Piquero NL, Cohen MA, Piquero AR (2011) How much is the public willing to pay to be protected from identity theft? Justice Quarterly 28(3):437–459.CrossrefGoogle Scholar
  • Popova L (2012) The extended parallel process model: Illuminating the gaps in research. Health Ed. Behav. 39(4):455–473.CrossrefGoogle Scholar
  • Public Safety Canada (2009) Phishing: A new form of identity theft. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/archive-phshng/index-en.aspx.Google Scholar
  • Ringle CM, Wende S, Will S (2005) SmartPLS 2.0 (M3) beta. SmartPLS, Hamburg, Germany.Google Scholar
  • Rippetoe PA, Rogers RW (1987) Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. J. Personality Soc. Psych. 52(3):596–604.CrossrefGoogle Scholar
  • Rogers RW (1975) A protection motivation theory of fear appeals and attitude change. J. Psych. 91(1):93–114.CrossrefGoogle Scholar
  • RSA (2012) Phishing and the social world. https://www.emc.com/collateral/fraud-report/online-fraud-report-1012.pdf.Google Scholar
  • Scheier MF, Carver CS, Bridges MW (1994) Distinguishing optimism from neuroticism (and trait anxiety, self-mastery, and self-esteem): A reevaluation of the life 39 orientation test. J. Personality Soc. Psych. 67(6):1063–1078.CrossrefGoogle Scholar
  • Shaw TH, Matthews G, Warm JS, Finomore VS, Silverman L, Costa PT Jr (2010) Individual differences in vigilance: Personality, ability and states of stress. J. Res. Personality 44(3):297–308.CrossrefGoogle Scholar
  • Sheng S (2009) A policy analysis of phishing countermeasures. Doctoral dissertation, Carnegie Mellon University, Pittsburgh.Google Scholar
  • Sheng S, Holbrook M, Kumaraguru P, Cranor LF, Downs J (2010) Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. Mynatt E, ed. Proc. 28th Internat. Conf. Human Factors Comput. Systems (ACM, New York), 1–10.Google Scholar
  • Sheng S, Magnien B, Kumaraguru P, Acquisti A, Cranor LF, Hong J, Nunge E (2007) Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. Cranor LF, ed. Proc. 3rd Sympos. Usable Privacy Security (SOUPS 2007), Vol. 229 (ACM, New York), 88–99.CrossrefGoogle Scholar
  • Siegel-Jacobs K, Yates JF (1996) Effects of procedural and outcome accountability on judgment quality. Organ. Behav. Human Decision Processes 66:1–17.CrossrefGoogle Scholar
  • Symantec (2014) Internet security threat report 2014. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf.Google Scholar
  • Todd P, Benbasat I (1999) Evaluating the impact of DSS, cognitive effort, and incentives on strategy selection. Inform. Systems Res. 10(4):356–374.LinkGoogle Scholar
  • Todd P, Benbasat I (2000) Inducing compensatory information processing through decision aids that facilitate effort reduction: An experimental assessment. J. Behav. Decision Making 13(1):91–106.CrossrefGoogle Scholar
  • Vinzi VE, Chin WW, Henseler J, Wang H (2010) Handbook of Partial Least Squares (Springer, New York).CrossrefGoogle Scholar
  • Vishwanath A, Herath T, Chen R, Wang J, Rao HR (2011) Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decision Support Systems 51(3):576–586.CrossrefGoogle Scholar
  • Wang J, Chen R, Herath T, Rao HR (2009) Visual e-mail authentication and identification services: An investigation of the effects on e-mail use. Decision Support Systems 48:92–102.CrossrefGoogle Scholar
  • Wang J, Herath T, Chen R, Vishwanath A, Rao HR (2012) Phishing susceptibility: An investigation into the processing of a targeted spear phishing email. IEEE Trans. Professional Comm. 55(4): 345–362.CrossrefGoogle Scholar
  • Webster DM, Richter L, Kruglanski AW (1996) On leaping to conclusions when feeling tired: Mental fatigue effects on impressional primacy. J. Experiment. Soc. Psych. 52:181–195.CrossrefGoogle Scholar
  • Wilfong JD (2006) Computer anxiety and anger: The impact of computer use, computer experience, and self-efficacy beliefs. Comput. Human Behav. 22:1001–1011.CrossrefGoogle Scholar
  • Witte K (1992) Putting the fear back into fear appeals: The extended parallel process model. Comm. Monographs 59:329–349.CrossrefGoogle Scholar
  • Witte K, Allen M (2000) A meta-analysis of fear appeals: Implications for effective public health campaigns. Health Ed. Behav. 27(5):591–615.CrossrefGoogle Scholar
  • Workman M (2008) Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. J. Amer. Soc. Inform. Sci. Tech. 59(4):662–674.CrossrefGoogle Scholar
  • Wright AJ (2010) The impact of perceived risk on risk-reducing behaviours. French D, Vedhara K, Kaptein AA, Weinman J, eds. Health Psychology (Blackwell, Oxford, UK), 111–121.Google Scholar
  • Wright RT, Marett K (2010) The influence of experiential and dispositional factors in phishing: An empirical investigation of the deceived. J. Management Inform. Systems 27(1):273–303.CrossrefGoogle Scholar
  • Wright RT, Jensen ML, Thatcher JB, Dinger M, Marett K (2014) Influence techniques in phishing attacks: An examination of vulnerability and resistance. Inform. Systems Res. 25(2):385–400.Google Scholar
  • Zeidner M, Saklofske D (1996) Adaptive and maladaptive coping. Zeidner M, Endler NS, eds. Handbook of Coping: Theory, Research, Applications (Wiley, New York), 505–531.Google Scholar
  • Zhang L, McDowell WC (2009) Am I really at risk? Determinants of online users’ intentions to use strong passwords. J. Internet Commerce 8(3–4):180–197.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree