It won’t happen to me: Promoting secure behaviour among internet users

Davinson, Nicola and Sillence, Elizabeth (2010) It won’t happen to me: Promoting secure behaviour among internet users. Computers in Human Behavior, 26 (6). pp. 1739-1747. ISSN 0747-5632

Full text not available from this repository. (Request a copy)
Official URL:


Fraudulent activity on the Internet, in particular the practice known as ‘Phishing’, is on the increase. Although a number of technology focussed counter measures have been explored user behaviour remains fundamental to increased online security. Encouraging users to engage in secure online behaviour is difficult with a number of different barriers to change. Guided by a model adapted from health psychology this paper reports on a study designed to encourage secure behaviour online. The study aimed to investigate the effects of education via a training program and the effects of risk level manipulation on subsequent self-reported behaviour online. The training program ‘Anti-Phishing Phil’ informed users of the common types of phishing threats and how to identify them whilst the risk level manipulation randomly allocated participants to either high risk or low risk of becoming a victim of online fraud. Sixty-four participants took part in the study, which comprised of 9 males and 55 females with an age range of 18–43 years. Participants were randomly allocated to one of four experimental groups. High threat information and/or the provision of phishing education were expected to increase self-reports of secure behaviour. Secure behaviour was measured at three stages, a baseline measure stage, an intention measure stage, and a 7-day follow-up measure stage. The results showed that offering a seemingly tailored risk message increased users’ intentions to act in a secure manner online regardless of whether the risk message indicated they were at high or low risk of fraud. There was no effect of the training programme on secure behaviour in general. The findings are discussed in relation to the model of behaviour change, information provision and the transferability of training.

Item Type: Article
Uncontrolled Keywords: security, risk perception, risk information, training, phishing
Subjects: G900 Others in Mathematical and Computing Sciences
Department: Faculties > Health and Life Sciences > Psychology
Depositing User: Ay Okpokam
Date Deposited: 09 Feb 2012 16:13
Last Modified: 12 Oct 2019 16:29

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics