Effect of Frame of Mind on Users' Deception Detection Attitudes and Behaviours

As the World Wide Web grows, the number and variety of deceptive attacks targeting online consumers likewise increases. Extant research has examined online deception from an information processing perspective, that is, how users process information when they encounter deceptive attacks. However, users’ ability to process information is based on what the users are thinking or their frame of mind while engaged with that information. Frame of mind has not been well studied in the security domain. This study proposes the effect of users’ frame of mind on their attitude towards online deception and their actual deception detection behaviour. Specifically, we propose that human information needs and the framing (positive or negative) of important information such as warnings are significant components of users’ frames of mind that impact their vulnerability to online attacks. We conclude the paper by discussing in detail the experimental setup and expected contributions from the analysis.

[1]  Mincong Tang,et al.  Building trust online: Interactions among trust building mechanisms , 2013, Inf. Manag..

[2]  Barbara H. Kwasnik,et al.  A Descriptive Study of the Functional Components of Browsing , 1992, Engineering for Human-Computer Interaction.

[3]  M. Workman Wisecrackers: A theory-grounded investigation of phishing and pretext social engineering threats to information security , 2008 .

[4]  S. Chaiken,et al.  The psychology of attitudes. , 1993 .

[5]  Paul Solomon,et al.  Looking for Information—A Survey of Research on Information Seeking, Needs, and Behavior , 2003, Information Retrieval.

[6]  Thomas D. Wilson,et al.  Human Information Behavior , 2000, Informing Sci. Int. J. an Emerg. Transdiscipl..

[7]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[8]  H. Rao,et al.  An Exploration of the Design Features of Phishing Attacks , 2012 .

[9]  Pamela J. McKenzie A model of information practices in accounts of everyday-life information seeking , 2003, J. Documentation.

[10]  Jingguo Wang,et al.  Research Note - A Value-at-Risk Approach to Information Security Investment , 2008, Inf. Syst. Res..

[11]  James A. Senn,et al.  Research in Management Information Systems: The Minnesota Experiments , 1977 .

[12]  T. Cook,et al.  Quasi-experimentation: Design & analysis issues for field settings , 1979 .

[13]  Martín Abadi,et al.  deSEO: Combating Search-Result Poisoning , 2011, USENIX Security Symposium.

[14]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[15]  N. Kshetri The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives , 2010 .

[16]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[17]  Eli Cohen,et al.  The perceived utility of information presented via electronic decision aids: A consumer perspective , 1996 .

[18]  Catherine Sheldrick Ross,et al.  Finding without seeking: the information encounter in the context of reading for pleasure , 1999, Inf. Process. Manag..

[19]  M. Zanna,et al.  Enhancing the effectiveness of tobacco package warning labels: a social psychological perspective. , 2002, Tobacco control.

[20]  Paul E. Johnson,et al.  Detecting deception: adversarial problem solving in a low base-rate world , 2001, Cogn. Sci..

[21]  T. D. Wilson,et al.  Models in information behaviour research , 1999, J. Documentation.

[22]  Kalervo Järvelin,et al.  Task complexity affects information seeking and use , 1995 .

[23]  Marcia J. Bates,et al.  Toward an integrated model of information seeking and searching , 2002 .

[24]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[25]  B. Xiao Product-related deceptive information practices in B2C e-commerce : formation, outcomes, and detection , 2010 .

[26]  Lech J. Janczewski,et al.  A Typology Of Social Engineering Attacks - An Information Science Perspective , 2012, PACIS.

[27]  Ritu Agarwal,et al.  Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion , 2009, MIS Q..

[28]  Donald W. King,et al.  Communication by Engineers: A Literature Review of Engineers' Information Needs, Seeking Processes, and Use. , 1994 .

[29]  Rui Chen,et al.  An investigation of email processing from a risky decision making perspective , 2011, Decis. Support Syst..

[30]  Kent Marett,et al.  Deception detection under varying electronic media and warning conditions , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[31]  James B. Stiff,et al.  Truth Biases and Aroused Suspicion in Relational Deception , 1992 .

[32]  Alex Wang,et al.  Looking Without Seeing: Understanding Unsophisticated Consumers' Success and Failure to Detect Internet Deception , 2001, ICIS.

[33]  S. Grazioli,et al.  Success and failure in expert reasoning , 1992 .

[34]  Alexander J. Rothman,et al.  The Strategic Use of Gain- and Loss-Framed Messages to Promote Healthy Behavior: How Theory Can Inform Practice , 2006 .

[35]  Chun Wei Choo,et al.  A behavioral model of information seeking on the web: preliminary results of a study of how managers and IT specialists use the web , 1998 .

[36]  Sirkka L. Jarvenpaa,et al.  Perils of Internet fraud: an empirical investigation of deception and trust with experienced Internet consumers , 2000, IEEE Trans. Syst. Man Cybern. Part A.

[37]  I. Mann Hacking the Human: Social Engineering Techniques and Security Countermeasures , 2008 .

[38]  S. Grazioli Where Did They Go Wrong? An Analysis of the Failure of Knowledgeable Internet Consumers to Detect Deception Over the Internet , 2004 .

[39]  Joseph Menn Fatal system error : the hunt for the new crime lords who are bringing down the Internet , 2010 .

[40]  L. Fleischer Telling Lies Clues To Deceit In The Marketplace Politics And Marriage , 2016 .

[41]  I. Ajzen,et al.  Attitude-behavior relations: A theoretical analysis and review of empirical research. , 1977 .

[42]  Michael Workman,et al.  A test of interventions for security threats from social engineering , 2008, Inf. Manag. Comput. Secur..

[43]  Schneider,et al.  All Frames Are Not Created Equal: A Typology and Critical Analysis of Framing Effects. , 1998, Organizational behavior and human decision processes.

[44]  S. Chaiken Heuristic versus systematic information processing and the use of source versus message cues in persuasion. , 1980 .

[45]  Markus Jakobsson,et al.  What Instills Trust? A Qualitative Study of Phishing , 2007, Financial Cryptography.

[46]  George Kingsley Zipf,et al.  Human behavior and the principle of least effort , 1949 .

[47]  William C. Gaidis,et al.  The Use of Vivid Stimuli to Enhance Comprehension of the Content of Product Warning Messages , 1989 .

[48]  R. Tibshirani,et al.  Association between cellular-telephone calls and motor vehicle collisions. , 1997, The New England journal of medicine.

[49]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[50]  I. Ajzen The theory of planned behavior , 1991 .

[51]  Pauline Bowen,et al.  Information Security Training Requirements: A Role- and Performance-Based Model [DRAFT] , 2009 .

[52]  Detmar W. Straub,et al.  Trust and TAM in Online Shopping: An Integrated Model , 2003, MIS Q..

[53]  Rui Chen,et al.  Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model , 2011, Decis. Support Syst..

[54]  Anol Bhattacherjee,et al.  Influence Processes for Information Technology Acceptance: An Elaboration Likelihood Model , 2006, MIS Q..

[55]  A. Rubin Media uses and effects: A uses-and-gratifications perspective. , 1994 .

[56]  A. Tversky,et al.  The framing of decisions and the psychology of choice. , 1981, Science.

[57]  Morten Hertzum,et al.  Trust in information sources: seeking information from people, documents, and virtual agents , 2002, Interact. Comput..

[58]  Robert W. Zmud,et al.  Inducing Sensitivity to Deception in Order to Improve Decision Making Performance: A Field Study , 2002, MIS Q..

[59]  Izak Benbasat,et al.  The Effects of Trust-Assuring Arguments on Consumer Trust in Internet Stores: Application of Toulmin's Model of Argumentation , 2006, Inf. Syst. Res..