网络安全网络钓鱼攻击背景下的设备和风险规避行为

IF 27 1区管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE

International Journal of Information Management Pub Date : 2025-05-19 DOI:10.1016/j.ijinfomgt.2025.102919

Naama Ilany-Tzur , Lior Fink

{"title":"网络安全网络钓鱼攻击背景下的设备和风险规避行为","authors":"Naama Ilany-Tzur , Lior Fink","doi":"10.1016/j.ijinfomgt.2025.102919","DOIUrl":null,"url":null,"abstract":"<div><div>Phishing has been the most common type of cybercrime in recent years. The fact that successful phishing attempts require victims to collaborate with their attackers highlights the importance of identifying factors that influence users’ avoidance behavior. Drawing from evidence that mobile users process information differently than personal computer (PC) users, this research suggests that the device used may influence users’ risk-avoidance behavior, as manifested in their tendency to avoid clicking on potentially risky messages. Indeed, three studies suggest that mobile users are more risk-avoidant than PC users. Specifically, analyzing data from a cybersecurity company regarding ∼500,000 URL requests in a sample of household networks, we show that mobile devices are less likely than PCs to access unsafe URLs. Next, in two online controlled experiments in which device and URL risk levels were randomly assigned, we show that mobile users are less likely than PC users to click on a URL in a phishing-like message. Notably, this difference is observed for lower-risk URLs, whereas PC and mobile users display similar risk-avoidance tendencies in the presence of highly risky URLs. This work contributes to the mobile use literature, as well as to developing information systems theory regarding technology-threat avoidance, by showing that the device used is a contextual factor influencing users’ susceptibility to phishing attacks.</div></div>","PeriodicalId":48422,"journal":{"name":"International Journal of Information Management","volume":"84 ","pages":"Article 102919"},"PeriodicalIF":27.0000,"publicationDate":"2025-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Device and risk-avoidance behavior in the context of cybersecurity phishing attacks\",\"authors\":\"Naama Ilany-Tzur , Lior Fink\",\"doi\":\"10.1016/j.ijinfomgt.2025.102919\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Phishing has been the most common type of cybercrime in recent years. The fact that successful phishing attempts require victims to collaborate with their attackers highlights the importance of identifying factors that influence users’ avoidance behavior. Drawing from evidence that mobile users process information differently than personal computer (PC) users, this research suggests that the device used may influence users’ risk-avoidance behavior, as manifested in their tendency to avoid clicking on potentially risky messages. Indeed, three studies suggest that mobile users are more risk-avoidant than PC users. Specifically, analyzing data from a cybersecurity company regarding ∼500,000 URL requests in a sample of household networks, we show that mobile devices are less likely than PCs to access unsafe URLs. Next, in two online controlled experiments in which device and URL risk levels were randomly assigned, we show that mobile users are less likely than PC users to click on a URL in a phishing-like message. Notably, this difference is observed for lower-risk URLs, whereas PC and mobile users display similar risk-avoidance tendencies in the presence of highly risky URLs. This work contributes to the mobile use literature, as well as to developing information systems theory regarding technology-threat avoidance, by showing that the device used is a contextual factor influencing users’ susceptibility to phishing attacks.</div></div>\",\"PeriodicalId\":48422,\"journal\":{\"name\":\"International Journal of Information Management\",\"volume\":\"84 \",\"pages\":\"Article 102919\"},\"PeriodicalIF\":27.0000,\"publicationDate\":\"2025-05-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Management\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0268401225000519\",\"RegionNum\":1,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Management","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0268401225000519","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}

引用次数: 0

摘要

网络钓鱼是近年来最常见的网络犯罪类型。成功的网络钓鱼尝试需要受害者与攻击者合作，这一事实突出了识别影响用户回避行为的因素的重要性。有证据表明，移动用户处理信息的方式与个人电脑（PC）用户不同，这项研究表明，所使用的设备可能会影响用户的风险规避行为，这表现在他们倾向于避免点击潜在的风险信息。事实上，有三项研究表明，手机用户比PC用户更倾向于规避风险。具体来说，通过分析一家网络安全公司关于家庭网络样本中约50万个URL请求的数据，我们发现移动设备访问不安全URL的可能性低于pc。接下来，在两个随机分配设备和URL风险级别的在线控制实验中，我们发现移动用户比PC用户更不可能点击类似网络钓鱼的邮件中的URL。值得注意的是，这种差异是在低风险url中观察到的，而PC和移动用户在高风险url中表现出类似的风险规避倾向。通过表明所使用的设备是影响用户对网络钓鱼攻击易感性的上下文因素，这项工作有助于移动使用文献，以及开发有关技术威胁避免的信息系统理论。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Device and risk-avoidance behavior in the context of cybersecurity phishing attacks

Phishing has been the most common type of cybercrime in recent years. The fact that successful phishing attempts require victims to collaborate with their attackers highlights the importance of identifying factors that influence users’ avoidance behavior. Drawing from evidence that mobile users process information differently than personal computer (PC) users, this research suggests that the device used may influence users’ risk-avoidance behavior, as manifested in their tendency to avoid clicking on potentially risky messages. Indeed, three studies suggest that mobile users are more risk-avoidant than PC users. Specifically, analyzing data from a cybersecurity company regarding ∼500,000 URL requests in a sample of household networks, we show that mobile devices are less likely than PCs to access unsafe URLs. Next, in two online controlled experiments in which device and URL risk levels were randomly assigned, we show that mobile users are less likely than PC users to click on a URL in a phishing-like message. Notably, this difference is observed for lower-risk URLs, whereas PC and mobile users display similar risk-avoidance tendencies in the presence of highly risky URLs. This work contributes to the mobile use literature, as well as to developing information systems theory regarding technology-threat avoidance, by showing that the device used is a contextual factor influencing users’ susceptibility to phishing attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Information Management INFORMATION SCIENCE & LIBRARY SCIENCE-

CiteScore

53.10

自引率

6.20%

发文量

111

审稿时长

24 days

期刊介绍： The International Journal of Information Management (IJIM) is a distinguished, international, and peer-reviewed journal dedicated to providing its readers with top-notch analysis and discussions within the evolving field of information management. Key features of the journal include: Comprehensive Coverage: IJIM keeps readers informed with major papers, reports, and reviews. Topical Relevance: The journal remains current and relevant through Viewpoint articles and regular features like Research Notes, Case Studies, and a Reviews section, ensuring readers are updated on contemporary issues. Focus on Quality: IJIM prioritizes high-quality papers that address contemporary issues in information management.