How Do We Fight Email Phishing? (ICA2015 - San Juan, PR)

Enabling Protection Motivation in Heuristic-Systematic Defense against Email Phishing

• Weiai Wayne Xu, PhD Candidate, Department of Communication, SUNY- Buffalo• Arun Vishwanath, PhD, Associate Professor, Department of Communication, SUNY-Buffalo• Zhi Yang (Zed) Ngoh, Department of Communication, SUNY-Buffalo

2014: The year of cybersecurity

We are the moles!

What we know so far…

Based on heuristic-systematic processing model (HSM) (Chen & Chaiken, 1999)

Heuristic processing: bypass in-depth thinking and instead rely on heuristics, rules of thumbs, past experience, and instincts (for efficiency)

Systematic processing: scrutinize all elements and aspects of information presented (for accuracy)

Based on protection motivation theory (PMT) (Rogers,1975)

Severity

Vulnerability

Response efficacy

Self-efficacy

Protection enactment

What we know so far…

The integrated model

• 288 students• A simulated phishing email disguised to originate

from the university’s student ID card office. • The phishing email requested the participants to

provide personal information to update their credit card information

The experiment

The results

Theoretical implication: • It is one of the few studies that applies the PMT framework to an

email phishing context• The incorporation of both PMT and HSM

Practical insights: • Fear drives protection and more mindful internet behavior• Skills/knowledge (self-efficacy) matters

Takeaway