Advanced search
Publication Cover
Journal of Management Information Systems Volume 27, 2010 - Issue 1
Journal homepage
1,141
Views
137
CrossRef citations to date
0
Altmetric
Original Article

The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived

Ryan T. Wright Department of Technology, Innovation, and Entrepreneurship, University of San Francisco
&
Kent Marett Mississippi State University
Pages 273-303 | Published online: 08 Dec 2014

References

  • Ahuja, M. K., and Thatcher, J. B. Moving beyond intentions and toward the theory of trying: Effects of work environment and gender on post-adoption information technology use. MIS Quarterly, 29, 3 (2005), 427-459.
  • Bellovin, S. M. Spamming, phishing, authentication, and privacy. Communications of the ACM, 47, 12 (2004), 144.
  • Berghel, H. Phishing mongers and posers. Communications of the ACM, 49, 4 (2006), 21-25.
  • Biros, D.; George, J.; and Zmud, R. Inducing sensitivity to deception in order to improve decision making performance: A field study. MIS Quarterly, 26, 2 (2002), 119-144.
  • Bond, C. F., and DePaulo, B. M. Accuracy of deception judgments. Personality and Social Psychology Review, 10, 3 (2006), 214-234.
  • Brown, T. A. Confirmatory Factory Analysis for Applied Research. New York: Guilford Press, 2006.
  • Buller, D., and Burgoon, J. K. Interpersonal deception theory. Communication Theory, 6, 3 (1996), 203-242.
  • Burgoon, J.; Bonito, J.; and Kam, K. Communication and trust under face-to-face and mediated conditions: Implications for leading from a distance. In S. Weisband and L. Atwater (eds.), Leadership at a Distance. Mahwah, NJ: Lawrence Erlbaum, 2004.
  • Burgoon, J.; Buller, D.; Ebesu, A.; and Rockwell, P. Interpersonal deception: V. Accuracy in deception detection. Communication Monographs, 61, 4 (1994), 303-325.
  • Carlson, J. R., and George, J. Media appropriateness in the conduct and discovery of deceptive communication: The relative influence of richness and synchronicity. Group Decision and Negotiation, 13, 2 (2004), 191-210.
  • Carlson, J. R., and Zmud, R. Channel expansion theory and the experiential nature of media richness perceptions. Academy of Management Review, 42, 2 (1999), 153-170.
  • Carlson, J. R.; George, J. F.; Burgoon, J. K.; Adkins, M.; and White, C. H. Deception in computer-mediated communication. Group Decision and Negotiation, 13, 1 (2004), 5-28.
  • Charki, M., and Josserand, E. Online reverse auctions and the dynamics of trust. Journal of Management Information Systems, 24, 4 (Spring 2008), 175-197.
  • Compeau, D. R., and Higgins, C. A. Application of social cognitive theory to training for computer skills. Information Systems Research, 6, 2 (1995), 118-143.
  • Compeau, D. R., and Higgins, C. A. Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 19, 2 (1995), 189-211.
  • Cooper, R., and Kahai, S. Exploring the core concepts of media richness theory: The impact of cue multiplicity and feedback immediacy on decision quality. Journal of Management Information Systems, 20, 1 (Summer 2003), 263-299.
  • Dennis, A. R.; Fuller, R. M.; and Valacich, J. S. Media, tasks, and communication processes: A theory of media synchronicity. MIS Quarterly, 32, 3 (2008), 575-600.
  • DePaulo, B.; Lindsay, J. J.; Malone, B. E.; Muhlenbruck, L.; Charlton, K.; and Cooper, H. Cues to deception. Psychological Bulletin, 129, 1 (2003), 74-118.
  • Dhamija, R.; Tygar, J. D.; and Hearst, M. Why phishing works. In R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson (eds.), Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. New York: ACM Press, 2006, pp. 581-590.
  • Dinev, T., and Hart, P. Internet privacy concerns and social awareness as determinants of intention to transact. International Journal of Electronic Commerce, 10, 2 (Winter 2005-6), 7-29.
  • Downs, J.; Holbrook, M.; and Cranor, L. Decision strategies and susceptibility to phishing. In L. F. Cranor (ed.), Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS). New York: ACM Press, 2006.
  • Ekman, P.; O'Sullivan, M.; Friesen, W.; and Scherer, K. Face, voice, and body in detecting deceit. Journal of Nonverbal Behavior, 15, 2 (1991), 125-135.
  • Everard, A., and Galletta, D. F. How presentation flaws affect perceived site quality, trust, and intention to purchase from an online store. Journal of Management Information Systems, 22, 3 (2005), 55-95.
  • Evers, J. Security expert: User education is pointless. CNET News, 2009 (available at http://news.cnet.com/2100-7350_3-6125213.html
  • Featherman, M. S., and Pavlou, P. A. Predicting e-services adoption: A perceived risk facets perspective. International Journal of Human-Computer Studies, 59, 4 (2003), 451-474.
  • Fornell, C., and Larcker, D. F. Evaluating structural equations models with unobservable variables and measurement error. Journal of Marketing Research, 18, 1 (1981), 39-50.
  • Fu, A. Y.; Wenyin, L.; and Deng, X. T. Detecting phishing Web pages with visual similarity assessment based on earth mover's distance (EMD). IEEE Transactions on Dependable and Secure Computing, 3, 4 (2006), 301-311.
  • Gabrieal, I. J., and Nyshadham, E. A cognitive map of people's online risk perceptions and attitudes: An empirical study. In R. H. Sprague (ed.), Proceedings of the 41st Annual Hawaii International Conference on System Sciences. Los Alamitos, CA: IEEE Computer Society Press, 2008 (available at www.computer.org/portal/web/csdl/doi/10.1109/HICSS.2008.6
  • Gartner survey shows phishing attacks escalated in 2007; More than $3 billion lost to these attacks. Press Release Gartner, Stamford, CT, December 17, 2007 (available at www.gartner.com/it/page.jsp?id=565125
  • Gefen, D.; Benbasat, I.; and Pavlou, P. A research agenda for trust in online environments. Journal of Management Information Systems, 24, 4 (Spring 2008), 275-286.
  • Gefen, D.; Straub, D.; and Boudreau, M. Structural equation modeling and regression: Guidelines for research practice. Communications of the AIS, 4, 7 (2000), 1-77.
  • George, J. F., and Carlson, J. R. Group support systems and deceptive communications. In R. H. Sprague (ed.), Proceedings of the 32nd Annual Hawaii International Conference on System Sciences. Los Alamitos, CA: IEEE Computer Society Press, 1999, pp. 1-10.
  • Goldsmith, J., and Wu, T. Who Controls the Internet? Illusions of a Borderless World. New York: Oxford University Press, 2006.
  • Gone phishing … A brief on anti-phishing exercise. New York State Office of Cyber Security & Critical Infrastructure Coordination, New York, 2005.
  • Goth, G. Phishing attacks rising, but dollar losses down. IEEE Security & Privacy, 3, 1 (2005), 8.
  • Grazioli, S., and Jarvenpaa, S. Perils of Internet fraud: An empirical investigation of deception and trust with experienced Internet consumers. IEEE Transactions on System, Man, and Cybernetics, 30, 4 (2000), 395-410.
  • Grazioli, S., and Jarvenpaa, S. Consumer and business deception on the Internet: Content analysis of documentary evidence. International Journal of Electronic Commerce, 7, 4 (Summer 2003), 93-118.
  • Greenberg, J. The college sophomore as guinea pig: Setting the record straight. Academy of Management Review, 12, 1 (1987), 157-159.
  • Gretzel, U., and Fesenmaier, D. R. Persuasion in recommender systems. International Journal of Electronic Commerce, 11, 2 (Winter 2006-7), 81-100.
  • Gulati, R., and Gargiulo, M. Where do interorganizational networks come from? American Journal of Sociology, 104, 1 (1999), 1439-1493.
  • Hair, J. F., Jr.; Anderson, R. E.; Tatham, R. L.; and Black, W. C. Multivariate Data Analysis with Readings. Englewood Cliffs, NJ: Prentice Hall, 1998.
  • Hess, T.; Fuller, M.; and Mathew, J. Involvement and decision-making performance with a decision aid: The influence of social multimedia, gender, and playfulness. Journal of Management Information Systems, 22, 3 (Winter 2005-6), 15-54.
  • Hoffman, D., Novak, T., and Peralta, M. Building consumer trust online. Communications of the ACM, 42, 4 (1999), 80-85.
  • Hsieh, J. J. P.-A.; Rai, A.; and Keil, M. Understanding digital inequality: Comparing continued use behavioral models of the socio-economically advantaged and disadvantaged. MIS Quarterly, 32, 1 (2008), 97-126.
  • Hughes, C., and Gibson, M. L. Students as surrogates for managers in a decision-making environment: An experimental study. Journal of Management Information Systems, 8, 2 (Fall 1991), 153-166.
  • Jagatic, T. N.; Johnson, N. A.; Jakobsson, M.; and Menczer, F. Social phishing. Communications of the ACM, 50, 10 (2007), 94-100.
  • Jarvenpaa, S. L., and Todd, P. Consumer reactions to electronic shopping on the World Wide Web. International Journal of Electronic Commerce, 2, 1 (Fall 1997), 59-88.
  • Jarvenpaa, S. L.; Tractinsky, N.; and Saarinen, L. Consumer trust in an Internet store: A cross-cultural validation. Journal of Computer-Mediated Communication, 5, 2 (2000), 45-71.
  • Jessup, L., and Valacich, J. Information Systems Today. Upper Saddle River, NJ: Pearson Prentice Hall, 2005.
  • Kacmar, M.; Ratcliff, S.; and Ferris, G. Employment interview research: Internal and external validity. In R. W. Eeder and G. R. Ferris (eds.), The Employment Interview: Theory, Research, and Practice. Newbury Park, CA: Sage, 1989, 32-42.
  • Kline, T. Psychological Testing: A Practical Approach to Design and Evaluation. London: Sage, 2005.
  • Kumaraguru, P.; Rhee, Y.; Acquisti, A.; Cranor, L.; Hong, J.; and Nunge, E. Protecting people from phishing: The design and evaluation of an embedded training email systems. In B. Begole, S. Payne, E. Churchill, R. St. Amant, D. Gilmore, and M. B. Rosson (eds.), Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. New York: ACM Press, 2007.
  • Larcom, G., and Elbirt, A. J. Gone phishing. IEEE Technology and Society Magazine, 25, 3 (2006), 52-55.
  • Lewicki, R.; McAllister, D.; and Bies, R. Trust and distrust: New relationships and realities. Academy of Management Review, 23, 3 (1998), 438-458.
  • Liu, W.; Deng, X.; Huang, G.; and Fu, A. Y. An antiphishing strategy based on visual similarity assessment. IEEE Internet Computing, 10, 2 (2006), 58-65.
  • Malhotra, N. K.; Kim, S. S.; and Agarwal, J. Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15, 4 (2004), 336-355.
  • Mayer, R. C.; Davis, J. H.; and Schoorman, F. D. An integrative model of organizational trust. Academy of Management Review, 20, 3 (1995), 709-734.
  • McKnight, D. H., and Chervany, N. What trust means in e-commerce customer relationships: An interdisciplinary conceptual typology. International Journal of Electronic Commerce, 6, 2 (Winter 2001-2), 35-59.
  • McKnight, D. H.; Choudhury, V.; and Kacmar, C. Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research, 13, 3 (2002), 334-359.
  • McKnight, D. H.; Kacmar, C.; and Choudhury, V. Dispositional trust and distrust distinctions in predicting high- and low-risk Internet expert advice site perceptions. e-Service Journal, 3, 2 (2004), 35-58.
  • McKnight, D. H.; Kacmar, C.; and Choudhury, V. Whoops … Did I use the wrong construct to predict e-commerce trust? Modeling the risk-related effects of trust versus distrust concepts. In R. H. Sprague (ed.), Proceedings of the 36th Annual Hawaii International Conference on System Sciences. Los Alamitos, CA: IEEE Computer Society Press, 2003 (available at www.hicss.hawaii.edu/HICSS36/HICSSpapers/INCRM04.pdf
  • McKnight, H.; Cummings, L. L.; and Chervany, N. Initial trust formation in new organizational relationships. Academy of Management Review, 23, 3 (1998), 473-490.
  • Miller, G. R., and Stiff, J. B. Deceptive Communication. London: Sage, 1993.
  • Mitnick, K. D., and Simon, W. The Art of Intrusion. Indianapolis: Wiley, 2005.
  • Muthen, B. Goodness of fit with categorical and other non-normal variables. In K. A. Bollen and J. S. Long (eds.), Testing Structural Equation Models. Newbury Park, CA: Sage, 1993, 205-243.
  • Muthen, L. K., and Muthen, B. Mplus User's Guide. Los Angeles: Muthen & Muthen, 2007.
  • Nicholson, D.; Nicholson, J.; Parboteeah, V.; and Valacich, J. Using distraction-conflict theory to measure the effects of distractions on individual task performance in a wireless mobile environment. In R. H. Sprague (ed.), Proceedings of the 38th Annual Hawaii International Conference on System Sciences. Los Alamitos, CA: IEEE Computer Society Press, 2005 (available at www.computer.org/portal/web/csdl/doi/10.1109/HICSS.2005.657
  • Nunnally, J. C., and Bernstein, I. H. Psychometric Theory. New York: McGraw-Hill, 1994.
  • Park, H. S.; Levine, T.; McCornack, S.; Morrison, K.; and Ferrara, M. How people really detect lies. Communication Monographs, 69, 2 (2002), 144-157.
  • Phishing activity trends report. Anti-Phishing Working Group. Chicago, 2006.
  • Protecting against phishing by implementing strong two-factor authentication. White Paper, RSA Security, Bedford, MA, 2008.
  • Rao, S., and Lim, J. The impact of involuntary cues on media effects. In R. H. Sprague (ed.), Proceedings of the 33rd Annual Hawaii International Conference of System Sciences. Los Alamitos, CA: IEEE Computer Society Press, 2000.
  • Santhanam, R.; Sasidharan, S.; and Webster, J. Using self-regulatory learning to enhance e-learning-based information technology training. Information Systems Research, 19, 1 (2008), 26-47.
  • Sheng, S.; Magnien, B.; Kumaraguru, P.; Acquisti, A.; Cranor, L. F.; Hong, J.; and Nunge, E. Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish. In L. F. Cranor (ed.), Proceedings of the Third Symposium on Usable Privacy and Security (SOUPS). New York: ACM Press, 2007.
  • Sitkin, S., and Pablo, A. Reconceptualizing the determinants of risk behavior. Academy of Management Review, 17, 1 (1992), 9-38.
  • Sitkin, S., and Weingart, L. Determinants of risky decision-making behavior: A test of the mediating role of risk perceptions and propensity. Academy of Management Journal, 38, 6 (1995), 1573-1592.
  • Spurling, P. Promoting security awareness and commitment. Information Management & Computer Security, 3, 2 (1995), 20-26.
  • Stanton, J. M.; Stam, K. R.; Mastrangelo, P.; and Jolton, J. Analysis of end user security behaviors. Computers & Security, 24, 2 (2005), 124-133.
  • Straub, D. W. Effective IS security: An empirical study. Information Systems Research, 1, 2 (1990), 255-277.
  • Straub, D. W., and Welke, R. J. Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22, 4 (1998), 441-469.
  • Vrij, A. Detecting Lies and Deceit: The Psychology of Lying and the Implications for Professional Practice. Chichester, UK: John Wiley & Sons, 2000.
  • Weber, E., and Milliman, R. Perceived risk attitudes: Relating risk perception to risky choice. Management Science, 43, 2 (1997), 123-145.
  • Webster, J., and Ahuja, J. S. Enhancing the design of web navigation systems: The influence of user disorientation on engagement and performance. MIS Quarterly, 30, 3 (2006), 661-678.
  • Wu, M.; Miller, R. C.; and Garfinkel, S. L. Do security toolbars actually prevent phishing attacks? In R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Jeffries, and G. Olson (eds.), Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. New York: ACM Press, 2006.
  • Yao, M. Z.; Rice, R. E.; and Wallis, K. Predicting user concerns about online privacy. Journal of the American Society for Information Science & Technology, 58, 5 (2007), 710-722.
  • Zhou, L. An empirical investigation of deception behavior in instant messaging. IEEE Transactions on Professional Communication, 48, 2 (2005), 147-160.
  • Zhou, L.; Burgoon, J. K.; Twitchell, D. P.; Qin, T.; and Nunamaker, J. R., Jr. A comparison of classification methods for predicting deception in computer-mediated communication. Journal of Management Information Systems, 20, 4 (Spring 2004), 139-166.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.