ABSTRACT
User susceptibility to phishing messages on social media is a growing information security concern. Contingency factors that can influence this susceptibility and the theoretical mechanisms through which they operate need more scholarly attention. To bridge this gap, we present a temptation and restraint (TR) model (a specific manifestation of the dual–system theory) of social media phishing susceptibility, which explains it as an outcome of a struggle between users’ temptation toward engaging with a social media phishing message and their cognitive and behavioral restraint against it. The balance in this struggle is a function of various situational contingencies. First, via a Delphi study, we identify four key situational contingency factors in the context of social media that can influence this balance: (1) poor sleep quality, (2) social media ostracism, (3) source likability, and (4) fear appeals. Next, via five randomized controlled experiments using an ostensible social media paradigm with social media users, we show that the TR model explains (a) why and how users engage with social media phishing messages, and (b) when users are more or less susceptible to it based on key situational contingency factors. Our findings offer a nuanced perspective on social media phishing susceptibility, elucidate the fundamental roles of situational contingencies in the genesis of social media phishing victimization, and delineate important directions for future research in this area
Disclosure statement
No potential conflict of interest was reported by the author(s).
Supplementary material
Supplemental data for this article can be accessed online at https://doi.org/10.1080/07421222.2023.2196779.
Notes
1 We repeated the ecological validity assessment in Studies 2-5 and found similar results: no significant difference from the midpoint.
2 There is a variety of pseudo R2 measures for reporting explained variance in a categorical dependent variable. Consistent with prior studies (e.g., [87]), we report Cox-Snell pseudo R2 values.
3 Consistent with prior research (e.g., [Citation17] and [87]), p-values between 0.05 and 0.10 are considered “marginally” significant.
4 Analyses using non-standardized (raw) predictor values generated similar results.
Additional information
Notes on contributors
Hamed Qahri-Saremi
Hamed Qahri-Saremi ([email protected]; corresponding author) is an Assistant Professor of Computer Information Systems at the College of Business, Colorado State University. He holds a PhD in Business Administration with a concentration on Information Systems from the DeGroote School of Business, McMaster University. His research addresses users’ behaviors on digital platforms including social media, user-generated content, and computer-mediated communication. Dr. Qahri-Saremi’s work has appeared in the journals representing the information systems, management, and communication fields, such as Journal of Management Information Systems, European Journal of Information Systems, Information Systems Journal, Journal of Strategic Information Systems, Information & Management, Internet Research, and New Media & Society. He has served on the editorial boards of various journals and conferences in information systems. His research has been featured in numerous media outlets worldwide, such as The Washington Post and Psychology Today.
Ofir Turel
Ofir Turel ([email protected]) is a Professor of Information Systems Management at the University of Melbourne, and a Scholar in Residence at the Brain and Creativity Institute, Department of Psychology at the University of Southern California. He has published over 190 journal papers in outlets such MIS Quarterly, Journal of Management Information Systems, MIT Sloan Management Review, Communications of the ACM, Journal of the AIS, and others. Dr. Turel has been recognized in the top 2 percent of researchers worldwide in a study conducted by Stanford University. His research has been also featured in numerous media outlets, including The Wall Street Journal, The Washington Post, The Daily Mail, CBC, C|net, Times Higher Education, The Rolling Stone, and TV and radio stations, globally.