References
- Abbasi, A., Zhang, Z., Zimbra, D., & Chen, H. (2010). Detecting fake websites: The contribution of statistical learning theory. MIS Quarterly, 34(3), 435–461. https://doi.org/10.2307/25750686
- Accenture (2019) The cost of cybercrime. Retrieved 25 April, 2020 from https://www.accenture.com/us-en/insights/security/cost-cybercrime-study
- Agarwal, R., & Karahanna, E. (2000). Time flies when you’re having fun: Cognitive absorption and beliefs about information technology usage. MIS Quarterly, 24(4), 665–694. https://doi.org/10.2307/3250951
- Akbar, N. (2014) Analysing Persuasion principles in phishing emails. Masters Thesis. University of Twente.
- Algarni, A., XU, Y., & Chan, T. (2014) Social engineering in social networking sites: The art of impersonation. In 2014 IEEE International Conference on Services Computing pp 797–804, IEEE, Anchorage, AK, USA.
- Algarni, A., XU, Y., & Chan, T. (2017). An empirical study on the susceptibility to social engineering in social networking sites: The case of Facebook. European Journal of Information Systems, 26(6), 661–687. https://doi.org/10.1057/s41303-017-0057-y
- Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613–643. https://doi.org/10.2307/25750694
- Bhattacherjee, A., & Sanford, C. (2006). Influence processes for information technology acceptance: An elaboration likelihood model. MIS Quarterly, 30(4), 805–825. https://doi.org/10.2307/25148755
- Bose, I., & Leung, A. C. M. (2007). Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of the Association for Information Systems, 19(24), 544–566. https://doi.org/10.17705/1CAIS.01924
- Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837–864. https://doi.org/10.25300/MISQ/2015/39.4.5
- Brumfield, C. (2020) Beware malware-laden emails offering COVID-19 information, US secret service warns. CSO. Retrieved 24 April, 2020 from https://www.csoonline.com/article/3536696/us-secret-service-warns-of-malicious-emails-offering-covid-19-information.html
- Chen, R., Wang, J., Herath, T., & Rao, H. R. (2011). An investigation of email processing from a risky decision making perspective. Decision Support Systems, 52(1), 73–81. https://doi.org/10.1016/j.dss.2011.05.005
- Cialdini, R. B. (2001). Influence: Science and practice (4th ed.). Allyn and Bacon.
- Cialdini, R. B., & Goldstein, N. J. (2004). Social influence: Compliance and conformity. Annual Review of Psychology, 55(1), 591–621. https://doi.org/10.1146/annurev.psych.55.090902.142015
- Cialdini, R.B. (2009). Influence: The psychology of persuasion (Kindle ed.). HarperCollins.
- Ciardhuáin, S. Ó. (2004). An Extended Model of Cybercrime Investigations. International Journal of Digital Evidence, 3(1), 1–22. https://dblp.org/rec/journals/ijde/Ciardhuain04
- Cimpanu, C. (2020) FBI says cybercrime reports quadrupled during COVID-19 pandemic. Retrieved 20 April, 2020 from https://www.zdnet.com/article/fbi-says-cybercrime-reports-quadrupled-during-covid-19-pandemic/
- Clough, J. (2010). Principles of Cybercrime. Cambridge University Press.
- Cohen, L. E., & Felson, M. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588–608. https://doi.org/10.2307/2094589
- Crabtree, B. F., & Miller, W. L. (1992). A template approach to text analysis: Developing and using codebooks. In B. F. Crabtree & W. L. Miller (Eds.), Doing qualitative research (pp. 93–109). Sage Publications.
- D’Arcy, J., Gupta, A., Tarafdar, M., & Turel, O. (2014). Reflecting on the “dark side” of information technology use. Communications of the Association for Information Systems, 35(5), 109–118. https://doi.org/10.17705/1CAIS.03505
- Dillard, J., & Peck, E. (2006). Persuasion and the structure of affect. Human Communication Research, 27(1), 38–68. https://doi.org/10.1111/j.1468-2958.2001.tb00775.x
- Eysenbach, G. (2002). Infodemiology: The epidemiology of (mis)information. The American Journal of Medicine, 113(9), 763–765. https://doi.org/10.1016/S0002-9343(02)01473-0
- Eysenbach, G. (2011). Infodemiology and Infoveillance. American Journal of Preventive Medicine, 40(5), S154–S158. https://doi.org/10.1016/j.amepre.2011.02.006
- Fereday, J., & Muir-Cochrane, E. (2006). Demonstrating rigor using thematic analysis: A hybrid approach of inductive and deductive coding and theme development. International Journal of Qualitative Methods, 5(1), 80–92. https://doi.org/10.1177/160940690600500107
- Ferreira, A., Coventry, L., & Lenzini, G. (2015). Principles of Persuasion in social engineering and their use in phishing. In T. Tryfonas & I. Askoxylakis (Eds.), Human aspects of information security, privacy, and trust (pp. 36–47). Springer International Publishing.
- Gigerenzer, G., & Todd, P. M. (1999). Simple heuristics that make us smart. Oxford University Press.
- Gleeson, K. (2011). Polytextual thematic analysis for visual data. In P. Reavey (Ed.), Visual methods in psychology: Using and interpreting images in qualitative research (pp. 314–329). Psychology Press.
- Gordon, S., & Ford, R. (2006). On the definition and classification of cybercrime. Journal in Computer Virology, 2(1), 13–20. https://doi.org/10.1007/s11416-006-0015-z
- Hart, J. (2009). Remote working: Managing the balancing act between network access and data security. Computer Fraud & Security, 2009(11), 14–17. https://doi.org/10.1016/S1361-3723(09)70141-1
- Holt, T. J., & Bossler, A. M. (2008). Examining the applicability of lifestyle-routine activities theory for cybercrime victimization. Deviant Behavior, 30(1), 1–25. https://doi.org/10.1080/01639620701876577
- Holt, T. J., Van Wilsem, J., Van De Weijer, S., & Leukfeldt, R. (2020). Testing an integrated self-control and routine activities framework to examine malware infection victimization. Social Science Computer Review, 38(2), 187–206. https://doi.org/10.1177/0894439318805067
- Hovland, C. I., & Weiss, W. (1951). The influence of source credibility on communication effectiveness. The Public Opinion Quarterly, 15(4), 635–650. https://doi.org/10.1086/266350
- Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Communications of the ACM, 50(10), 94–100. https://doi.org/10.1145/1290958.1290968
- Jalali, M. S., Siegel, M., & Madnick, S. (2019). Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment. The Journal of Strategic Information Systems, 28(1), 66–82. https://doi.org/10.1016/j.jsis.2018.09.003
- Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), 597–626. https://doi.org/10.1080/07421222.2017.1334499
- Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 113–122. https://doi.org/10.1016/j.jisa.2014.09.005
- Kumaran, N., & Lugani, S. (2020) Identity and security. Protecting businesses against cyber threats during COVID-19 and beyond. Retrieved 20 April, 2020 from https://cloud.google.com/blog/products/identity-security/protecting-against-cyber-threats-during-covid-19-and-beyond
- Lee, A. S., & Baskerville, R. L. (2003). Generalizing generalizability in information systems research. Information Systems Research, 14(3), 221–243. https://doi.org/10.1287/isre.14.3.221.16560
- Luo, X., Brody, R., Seazzu, A., & Burd, S. (2011). Social engineering: The neglected human factor for information security management. Information Resources Management Journal, 24(3), 1–8. https://doi.org/10.4018/irmj.2011070101
- Luo, X., Zhang, W., Burd, S., & Seazzu, A. (2013). Investigating phishing victimization with the heuristic–systematic model: A theoretical framework and an exploration. Computers & Security, 38, 28–38. https://doi.org/10.1016/j.cose.2012.12.003
- Maimon, D., & Louderback, E. R. (2019). Cyber-dependent crimes: An interdisciplinary review. Annual Review of Criminology, 2(1), 191–216. https://doi.org/10.1146/annurev-criminol-032317-092057
- Mckenna, B., Myers, M. D., & Newman, M. (2017). Social media in qualitative research: Challenges and recommendations. Information and Organization, 27(2), 87–99. https://doi.org/10.1016/j.infoandorg.2017.03.001
- Miethe, T. D., Stafford, M. C., & Sloane, D. (1990). Lifestyle changes and risks of criminal victimization. Journal of Quantitative Criminology, 6(4), 357–376. https://doi.org/10.1007/BF01066676
- Milgram, S. (1974). Obedience to authority. Harper.
- Mitnick, K. D., & Simon, W. L. (2003). The art of deception: Controlling the human element of security. John Wiley & Sons, Inc.
- Moneva, A., Miró-Llinares, F., & Hart, T. C. (2020). Hunter or prey? Exploring the situational profiles that define repeated online harassment victims and offenders. Deviant Behavior, 1–16. https://doi.org/10.1080/01639625.2020.1746135
- Morgan, S. (2017) Is cybercrime the greatest threat to every company in the world? CSO. Retrieved 24 April, 2020 from https://www.csoonline.com/article/3210912/is-cybercrime-the-greatest-threat-to-every-company-in-the-world.html
- Morgan, S. (2019) Official annual cybercrime report. Cybersecurity Ventures. Retrieved 24 April, 2020 from https://www.herjavecgroup.com/the-2019-official-annual-cybercrime-report/
- Muncaster, P. (2020) Cyber-attacks up 37% over past month as #COVID19 bites. Infosecurity Magazine. Retrieved 25 April, 2020 from https://www.infosecurity-magazine.com/news/cyberattacks-up-37-over-past-month
- Myagmar, S., AJ, L., & Yurcik, W. (2005) Threat modeling as a basis for security requirements. In Symposium on requirements engineering for information security (SREIS), paris, france, pp 1–8.
- Myers, M. D. (2009). Qualitative research in business and management (1st ed.). Sage Publications.
- Ngo, F. T., & Paternoster, R. (2011). Cybercrime victimization: An examination of individual and situational level factors. International Journal of Cyber Criminology, 5(1), 773–793.
- Ngwenyama, O. K., & Lee, A. S. (1997). Communication richness in electronic mail: Critical social theory and the contextuality of meaning. MIS Quarterly, 21(2), 145–167. https://doi.org/10.2307/249417
- Orbach, B. (2018). Con men and their enablers: The anatomy of confidence games. Social Research: An International Quarterly, 85(4), 795–822. https://muse.jhu.edu/article/716115
- Petty, R. E., & Cacioppo, J. T. (1986). The elaboration likelihood model of persuasion. In L. Berkowitz (Ed.), Advances in experimental social psychology (pp. 123–205). Academic Press.
- Pfleeger, S. L., Sasse, M. A., & Furnham, A. (2014). From weakest link to security hero: Transforming staff security behavior. Journal of Homeland Security and Emergency Management, 11(4), 489–510. https://doi.org/10.1515/jhsem-2014-0035
- Richins, M. L. (1997). Measuring emotions in the consumption experience. Journal of Consumer Research, 24(2), 127–146. https://doi.org/10.1086/209499
- Ruddin, L. P. (2006). You can generalize stupid! social scientists, bent flyvbjerg, and case study methodology. Qualitative Inquiry, 12(4), 797–812. https://doi.org/10.1177/1077800406288622
- Segura, J. (2020) Online credit card skimming increased by 26 percent in March. accessed 20 April, 2020 from https://blog.malwarebytes.com/cybercrime/2020/04/online-credit-card-skimming-increases-by-26-in-march/
- Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J. (2010) Who falls for phish?: A demographic analysis of phishing susceptibility and effectiveness of interventions. In Proceedings of the 28th international conference on Human factors in computing systems - CHI ’10 p. 373, ACM Press, Atlanta, GA, USA.
- Shi, F. (2020) Coronavirus-related phishing. Retrieved 10 April, 2020 from https://blog.barracuda.com/2020/03/26/threat-spotlight-coronavirus-related-phishing/
- Sørensen, H. T., Sabroe, S., & Olsen, J. (1996). A framework for evaluation of secondary data sources for epidemiological research. International Journal of Epidemiology, 25(2), 435–442. https://doi.org/10.1093/ije/25.2.435
- Stajano, F., & Wilson, P. (2011). Understanding scam victims: Seven principles for systems security. Communications of the ACM, 54(3), 70–75. https://doi.org/10.1145/1897852.1897872
- Sussman, S. W., & Siegal, W. S. (2003). Informational influence in organizations: An integrated approach to knowledge adoption. Information Systems Research, 14(1), 47–65. https://doi.org/10.1287/isre.14.1.47.14767
- Wang, J., Chen, R., Herath, T., & Rao, H. R. (2009). Visual e-mail authentication and identification services: An investigation of the effects on e-mail use. Decision Support Systems, 48(1), 92–102. https://doi.org/10.1016/j.dss.2009.06.012
- Westerman, D., Spence, P. R., & Van Der Heide, B. (2014). Social media as information source: Recency of updates and credibility of information. Journal of Computer-Mediated Communication, 19(2), 171–183. https://doi.org/10.1111/jcc4.12041
- Witte, K. (1992). Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59(4), 329–349. https://doi.org/10.1080/03637759209376276
- Workman, M. (2008). Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security. Journal of the American Society for Information Science and Technology, 59(4), 662–674. https://doi.org/10.1002/asi.20779
- World Economic Forum (2019) The global risks report 2019. World Economic Forum. Retrieved 25 April, 2020 from https://www.weforum.org/reports/the-global-risks-report-2019
- Wright, R., Chakraborty, S., Basoglu, A., & Marett, K. (2010). Where did they go right? Understanding the deception in phishing communications. Group Decision and Negotiation, 19(4), 391–416. https://doi.org/10.1007/s10726-009-9167-9
- Wright, R. T., Jensen, M. L., Thatcher, J. B., Dinger, M., & Marett, K. (2014). Research note —Influence techniques in phishing attacks: An examination of vulnerability and resistance. Information Systems Research, 25(2), 385–400. https://doi.org/10.1287/isre.2014.0522
- Wright, R. T., & Marett, K. (2010). The influence of experiential and dispositional factors in phishing: An empirical investigation of the deceived. Journal of Management Information Systems, 27(1), 273–303. https://doi.org/10.2753/MIS0742-1222270111
- Yar, M. (2005). The novelty of ‘cybercrime’: An assessment in light of routine activity theory. European Journal of Criminology, 2(4), 407–427. https://doi.org/10.1177/147737080556056
- Yue, W. T., Wang, Q.-H., & Hui, K.-L. (2019). See no evil, hear no evil? Dissecting the impact of online hacker forums. MIS Quarterly, 43(1), 73–95. https://doi.org/10.25300/MISQ/2019/13042
- Zarocostas, J. (2020). How to fight an infodemic. The Lancet, 395(10225), 676. https://doi.org/10.1016/S0140-6736(20)30461-X
- Zimbardo, P. (2008). The Lucifer effect: Understanding how good people turn evil. Random House.