Murdoch University Research Repository

The influence of expected benefits and perceived costs on the performance of protective behaviours against email phishing threats

Bax, Samantha L.K. (2018) The influence of expected benefits and perceived costs on the performance of protective behaviours against email phishing threats. PhD thesis, Murdoch University.

Abstract

Email phishing is the use of email communications to deceive individuals into providing their personal information to fraudulent versions of legitimate websites. These details can be used for identity theft, and often result in financial loss to the victim of email phishing. This research aims to investigate the reasons why individuals do not perform protective behaviours against email phishing threats. The reasons proposed in this study for not undertaking these behaviours relate to the benefits expected to be gained from not performing these behaviours, and the perceived costs for the actual performance of these behaviours. This research predicts that the benefits expected to be gained from a phishing email would encourage an individual to respond to it and thus, omit to perform the recommended protective behaviours. Furthermore, this research study predicts that the costs perceived to be incurred for the performance of protective behaviours against email phishing threats will discourage an individual from taking these actions. A research model based upon Protection Motivation Theory (PMT) (Rogers, 1983; Rogers & Prentice-Dunn, 1997) was proposed to support this study.

In order to achieve the objectives of this study, a mixed-methods research approach was used involving two phases. The first, qualitative, phase consisted of interviews with participants who could potentially be recipients of phishing emails. This phase aimed to gain a greater understanding of the roles played by the expected benefits and the perceived costs in relation to performing recommended email phishing protective behaviours. The findings of this phase indicated that, consistent with the literature, benefit-related factors including need and greed, compliance with authority, altruism, satisfaction of curiosity and diminishing concerns could potentially encourage individuals to respond to phishing emails. Two additional factors were also identified: automatic behaviour and fear of missing out (FoMO). Consistent with the response costs literature, potential costs in effort, costs in time and financial costs were identified as potentially influencing individuals to not perform protective behaviours against email phishing threats. Two other factors were also identified: costs of mis-identified phish, and loss of trust. The findings from the first phase of the research study were used to inform the development of the questionnaire used in the second phase.

The second phase of the research study tested the proposed research model. A questionnaire data collection method was used, and PLS-SEM was the technique used for data analysis. Of the eight hypotheses proposed, seven were supported. The hypothesis relating to perceived costs negatively influencing the intention to perform protective behaviours against email phishing threats was supported. However, the hypothesis relating to expected benefits negatively influencing the intention to perform protective behaviours against email phishing threats was not supported. Post hoc analysis suggested that expected benefits were instead associated with maladaptive behaviours. More research is required to further explore the relationship between expected benefits and the intentions to perform protective behaviours against email phishing. Furthermore, the relationship between maladaptive behaviours and the intentions to perform protective behaviours may also provide some insight into the undertaking of information security behaviours when there are potential maladaptive rewards available.

This research has contributed to knowledge relating to the mitigation of information security threats, and in particular email phishing. It has identified factors that may encourage individuals to not perform protective behaviours against email phishing threats, and factors that may discourage them from performing these protective behaviours. The outcomes of this research study provide important implications for both research and practice.

Item Type: Thesis (PhD)
Murdoch Affiliation: School of Engineering and Information Technology
Supervisor(s): McGill, Tanya and Hobbs, Val
URI: http://researchrepository.murdoch.edu.au/id/eprint/42410