Because successful phishing attacks are expensive to society, it is imperative to understand how to promote protective behavior for IS end-users. Our research program in progress will extend IS Security research by empirically testing a theoretical hybrid continuum-stage model of protective behavior of IS end-users. The results of the first step of our research program confirmed that users progress through stages of preventive behavior, ranging from a denial stage (Stage 0), an awareness stage (Stage 1), and, finally, a coping and planning stage (Stage 2) over time. Thus, there is a need to understand how we can design and empirically test stage-appropriate interventions to move users from one stage to the next. Informed by the literature in health behavior change models, this proposed second phase of our research program will longitudinally monitor the effects of both simulated phishing attempts and stage-appropriate interventions in a field experiment.