Skip to main content
Kent Academic Repository

Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter?

Shahbaznezhad, Hamidreza, Kolini, Farzan, Rashidirad, Mona (2021) Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter? Journal of Computer Information Systems, 61 (6). pp. 539-550. ISSN 0887-4417. E-ISSN 2380-2057. (doi:10.1080/08874417.2020.1812134) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided) (KAR id:97208)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided. (Contact us about this Publication)
Official URL:
https://dx.doi.org/10.1080/08874417.2020.1812134

Abstract

Phishing, as a social engineering attack has become an increasing threat to organizations in cyberspace. To prevent this, a well-designed continuous security training and educational program needs to be established and enforced in organizations. Prior studies have focused on phishing attack from a limited view of technology countermeasure, e-mail’s characteristic, information processing, and securing individual’s behaviors to tackle existing gaps. In this research, we developed a theoretical model of factors that influence users in the clicking of phishing e-mails from a broader Socio-Technical perspective. We applied Protection Motivation Theory (PMT) and habit theory for investigating individual factors, Theory of Planned Behavior (TPB) and Deterrence Theory for investigating organizational and technological factors accordingly. The findings revealed habit and protective countermeasure positively affect clicking on phishing e-mails, whereas, no effect of the procedural countermeasures was evident. The results of this study can be used to design phishing simulation exercise and embedded training for vulnerable employees. © 2020 International Association for Computer Information Systems.

Item Type: Article
DOI/Identification number: 10.1080/08874417.2020.1812134
Uncontrolled keywords: Computer crime; Electronic mail, Educational program; Protection motivation theory; Simulation exercise; Social engineering; Socio-technical perspective; Technological factors; Theoretical modeling; Theory of Planned Behavior, Personnel training
Subjects: H Social Sciences
Divisions: Divisions > Kent Business School - Division > Department of Marketing, Entrepreneurship and International Business
Funders: University of Sussex (https://ror.org/00ayhx656)
Depositing User: Mona Rashidirad
Date Deposited: 03 Nov 2022 14:29 UTC
Last Modified: 05 Nov 2024 13:02 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/97208 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.