Understanding responses to phishing in Saudi Arabia via the theory of planned behaviour

Saudi Arabia has seen an enormous growth in Internet usage over the past few years. With increasing adoption of this technology has come a rise in cyber crime, often enabled through use of social engineering. Phishing is a prime example, aiming to deceive users into revealing personal data. The paper describes efforts to understand individuals’ responses to phishing attacks through application of the Theory of Planned Behaviour (TPB). It reports a survey that considers three common social engineering persuading strategies, Authority, Social Proof and Scarcity. Results show correlations between these strategies and TPB. In particular, between attitude and intention to respond under the Authority strategy; subjective norms and intention to respond under the Social Proof strategy; and subjective norms and intention to respond under the Scarcity strategy.