Impact of Information Seeking and Warning Frames on Online Deception:A Quasi-Experiment

ABSTRACT As the World Wide Web grows, the number and variety of online deceptive attacks likewise increases. Extant research examines online deception from an information processing perspective. However, users’ ability to process information is partly based on their information seeking modes. Information seeking has not been well studied in the security domain. Accordingly, this study explores the effect of users’ information seeking modes on their deception detection behavior. Specifically, we propose that human information needs and the framing of important information such as warnings significantly impact users’ vulnerability to online deception. Results suggest that users are more vulnerable to deception when they are actively seeking information compared with when seeking information passively and that warning frames have a positive effect on users’ attitude toward dealing with online deception. The findings also suggest that users’ attitudes and behaviors are not aligned.

[1]  L. Janczewski,et al.  Social Engineering Preparedness of Online Banks: An Asia-Pacific Perspective , 2013 .

[2]  I. Ajzen The theory of planned behavior , 1991 .

[3]  Pamela J. McKenzie A model of information practices in accounts of everyday-life information seeking , 2003, J. Documentation.

[4]  M. Sherif,et al.  The psychology of attitudes. , 1946, Psychological review.

[5]  Jeffrey Barlow,et al.  Fatal System Error. The Hunt for the New Crime Lords Who Are Bringing Down the Internet , 2010 .

[6]  Thomas D. Wilson,et al.  Human Information Behavior , 2000, Informing Sci. Int. J. an Emerg. Transdiscipl..

[7]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[8]  A. Rubin Media uses and effects: A uses-and-gratifications perspective. , 1994 .

[9]  T. Cook,et al.  Quasi-experimentation: Design & analysis issues for field settings , 1979 .

[10]  J. Burgoon,et al.  Interpersonal Deception Theory , 1996 .

[11]  Lech J. Janczewski,et al.  A Typology Of Social Engineering Attacks - An Information Science Perspective , 2012, PACIS.

[12]  Indranil Bose,et al.  Assessing anti-phishing preparedness: A study of online banks in Hong Kong , 2008, Decis. Support Syst..

[13]  Alexander J. Rothman,et al.  The Strategic Use of Gain- and Loss-Framed Messages to Promote Healthy Behavior: How Theory Can Inform Practice , 2006 .

[14]  Alexander J. Rothman,et al.  Shaping perceptions to motivate healthy behavior: the role of message framing. , 1997, Psychological bulletin.

[15]  Marcia J. Bates,et al.  Toward an integrated model of information seeking and searching , 2002 .

[16]  Serge Vaudenay,et al.  Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology , 2008 .

[17]  Anol Bhattacherjee,et al.  Influence Processes for Information Technology Acceptance: An Elaboration Likelihood Model , 2006, MIS Q..

[18]  Ritu Agarwal,et al.  Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion , 2009, MIS Q..

[19]  M. Zanna,et al.  Enhancing the effectiveness of tobacco package warning labels: a social psychological perspective. , 2002, Tobacco control.

[20]  Kalervo Järvelin,et al.  Task Complexity Affects Information Seeking and Use , 1995, Inf. Process. Manag..

[21]  Sharon M. Gray Looking for Information: A Survey of Research on Information Seeking, Needs, and Behavior. , 2003 .

[22]  N. Kshetri The Global Cybercrime Industry , 2010 .

[23]  Hock-Hai Teo,et al.  The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services , 2009, J. Manag. Inf. Syst..

[24]  Pauline Bowen,et al.  Information Security Training Requirements: A Role- and Performance-Based Model [DRAFT] , 2009 .

[25]  Chun Wei Choo,et al.  A behavioral model of information seeking on the web: preliminary results of a study of how managers and IT specialists use the web , 1998 .

[26]  T. D. Wilson,et al.  Models in information behaviour research , 1999, J. Documentation.

[27]  Barbara H. Kwasnik,et al.  A Descriptive Study of the Functional Components of Browsing , 1992, Engineering for Human-Computer Interaction.

[28]  E. Brunswik Perception and the Representative Design of Psychological Experiments , 1957 .

[29]  Alex Wang,et al.  Looking Without Seeing: Understanding Unsophisticated Consumers' Success and Failure to Detect Internet Deception , 2001, ICIS.

[30]  Martin Fishbein,et al.  The AB Scales , 1962 .

[31]  S. Grazioli,et al.  Success and failure in expert reasoning , 1992 .

[32]  James B. Stiff,et al.  Truth Biases and Aroused Suspicion in Relational Deception , 1992 .

[33]  Kent Marett,et al.  Group Deception in Computer-Supported Environments , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[34]  Detmar W. Straub,et al.  Trust and TAM in Online Shopping: An Integrated Model , 2003, MIS Q..

[35]  Rui Chen,et al.  Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model , 2011, Decis. Support Syst..

[36]  Gordon B. Davis,et al.  User Acceptance of Information Technology: Toward a Unified View , 2003, MIS Q..

[37]  David Ellis,et al.  A behavioural model for information retrieval system design , 1989, J. Inf. Sci..

[38]  S. Grazioli Where Did They Go Wrong? An Analysis of the Failure of Knowledgeable Internet Consumers to Detect Deception Over the Internet , 2004 .

[39]  Kent Marett,et al.  Deception detection under varying electronic media and warning conditions , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[40]  Catherine Sheldrick Ross,et al.  Finding without seeking: the information encounter in the context of reading for pleasure , 1999, Inf. Process. Manag..

[41]  James A. Senn,et al.  Research in Management Information Systems: The Minnesota Experiments , 1977 .

[42]  Martín Abadi,et al.  deSEO: Combating Search-Result Poisoning , 2011, USENIX Security Symposium.

[43]  N. Kshetri The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives , 2010 .

[44]  William L. Simon,et al.  The Art of Deception: Controlling the Human Element of Security , 2001 .

[45]  Robert W. Zmud,et al.  Inducing Sensitivity to Deception in Order to Improve Decision Making Performance: A Field Study , 2002, MIS Q..

[46]  Niels Provos,et al.  The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[47]  A. Tversky,et al.  Judgment under Uncertainty: Heuristics and Biases , 1974, Science.

[48]  Kevin Townsend R&D: The art of social engineering , 2010 .

[49]  George Kingsley Zipf,et al.  Human behavior and the principle of least effort , 1949 .

[50]  William C. Gaidis,et al.  The Use of Vivid Stimuli to Enhance Comprehension of the Content of Product Warning Messages , 1989 .

[51]  L. Fleischer Telling Lies Clues To Deceit In The Marketplace Politics And Marriage , 2016 .

[52]  I. Ajzen,et al.  Attitude-behavior relations: A theoretical analysis and review of empirical research. , 1977 .

[53]  Judee K. Burgoon,et al.  Interpersonal Deception Theory , 1996 .

[54]  S. Chaiken Heuristic versus systematic information processing and the use of source versus message cues in persuasion. , 1980 .

[55]  Markus Jakobsson,et al.  What Instills Trust? A Qualitative Study of Phishing , 2007, Financial Cryptography.