Fishing for phishy messages: predicting phishing susceptibility through the lens of cyber-routine activities theory and heuristic-systematic model

Abstract

Read online

Abstract Mobile phishing has emerged as one of the most severe cybercrime threats; thus, research must examine the factors affecting people’s likelihood of becoming instant messaging phishing targets. In this study, we draw on the cyber-routine activity theory (Cyber-RAT) and heuristic-systematic model (HSM) to predict Gen-Zers’ phishing susceptibility. Based on online survey data (n = 361), the proposed research model was validated via structural equation modeling conducted with SmartPLS 4. Findings indicate that engaging in online risky behavior (social media: instant messaging, vocational, and leisure activities) increases Gen-Zers’ exposure to phishers, increasing their likelihood of becoming instant messaging phishing targets. Phishing messages with a desirable or relevant topic (high message involvement) significantly impact Gen-Zers’ phishing susceptibility. Gen-Zers’ phishing susceptibility is also influenced by phishing messages with persuasive cues. While knowledge of the phishing domain does not directly influence Gen-Zers’ susceptibility to phishing attacks, it significantly motivated them to adopt effective online security management practices on social instant messaging platforms. This paper discusses how these findings implicate online users and inform agencies to promote knowledge for understanding and detecting phishing attacks to avoid victimization.