Password security: a case history
Communications of the ACM
What makes Web sites credible?: a report on a large quantitative study
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Factors influencing the adoption of Internet banking
Journal of the AIS
E-privacy in 2nd generation E-commerce: privacy preferences versus actual behavior
Proceedings of the 3rd ACM conference on Electronic Commerce
"Trust me, I'm an online vendor": towards a model of trust for e-commerce system design
CHI '00 Extended Abstracts on Human Factors in Computing Systems
Shiny happy people building trust?: photos on e-commerce websites and consumer trust
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
How do users evaluate the credibility of Web sites?: a study with over 2,500 participants
Proceedings of the 2003 conference on Designing for user experiences
Personalisation and trust: a reciprocal relationship?
Designing personalized user experiences in eCommerce
Personalization versus Privacy: An Empirical Examination of the Online Consumer's Dilemma
Information Technology and Management
Privacy practices of Internet users: self-reports versus observed behavior
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A framework for understanding trust factors in web-based health advice
International Journal of Human-Computer Studies
Consumer reactions to electronic shopping on the world wide web
International Journal of Electronic Commerce
Going online for health advice: Changes in usage and trust practices over the last five years
Interacting with Computers
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Proceedings of the 3rd symposium on Usable privacy and security
Individual Trust in Online Firms: Scale Development and Initial Test
Journal of Management Information Systems
Behavioral response to phishing risk
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Getting users to pay attention to anti-phishing education: evaluation of retention and transfer
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Promoting personal responsibility for internet safety
Communications of the ACM - Urban sensing: out of the woods
Research on purified internet environment for college students
ICICA'12 Proceedings of the Third international conference on Information Computing and Applications
Cyber security games: a new line of risk
ICEC'12 Proceedings of the 11th international conference on Entertainment Computing
International Journal of Human-Computer Studies
Hi-index | 0.00 |
Fraudulent activity on the Internet, in particular the practice known as 'Phishing', is on the increase. Although a number of technology focussed counter measures have been explored user behaviour remains fundamental to increased online security. Encouraging users to engage in secure online behaviour is difficult with a number of different barriers to change. Guided by a model adapted from health psychology this paper reports on a study designed to encourage secure behaviour online. The study aimed to investigate the effects of education via a training program and the effects of risk level manipulation on subsequent self-reported behaviour online. The training program 'Anti-Phishing Phil' informed users of the common types of phishing threats and how to identify them whilst the risk level manipulation randomly allocated participants to either high risk or low risk of becoming a victim of online fraud. Sixty-four participants took part in the study, which comprised of 9 males and 55 females with an age range of 18-43years. Participants were randomly allocated to one of four experimental groups. High threat information and/or the provision of phishing education were expected to increase self-reports of secure behaviour. Secure behaviour was measured at three stages, a baseline measure stage, an intention measure stage, and a 7-day follow-up measure stage. The results showed that offering a seemingly tailored risk message increased users' intentions to act in a secure manner online regardless of whether the risk message indicated they were at high or low risk of fraud. There was no effect of the training programme on secure behaviour in general. The findings are discussed in relation to the model of behaviour change, information provision and the transferability of training.