Developing a measure of information seeking about phishing

Phishing e-mails are fraudulent e-mails used to gain access to sensitive information or secure computer systems. They persuade users to click on malicious links, download attachments, or provide sensitive information, such as usernames or passwords. One approach that aims to reduce people’s susceptibility to phishing is the provision of information to users regarding the phishing threat and the techniques used within phishing e-mails. In line with this, awareness campaigns are often used within organizations and wider society to raise awareness of phishing and encourage people to engage with protective information. In order to understand how current and future interventions regarding phishing may be consumed by users, as well as their potential impact on phishing susceptibility, it is important to conduct theoretically based research that provides a foundation to investigate these issues. This study provides a first step in addressing this by developing and validating a theoretically based survey measure across two studies centered upon the constructs of protection motivation theory (perceived vulnerability, severity, self-efficacy and response efficacy) to assess the factors that influence whether people choose to keep up to date with protective information about phishing.