This study investigates users’ coping responses in the process of phishing email detection. Three common responses are identified based on the coping literature: task-focused coping, emotion-focused coping (i.e., worry and self-criticism), and avoidance coping. The three responses are used to conceptualize a higher-order construct, coping adaptiveness, that resides on a continuum between maladaptive coping and adaptive coping (manifested as increased task-focused coping and decreased emotion-focused coping and avoidance coping). Drawing on the extended parallel process model and behavioral decision-making literature, this paper examines the antecedents (i.e., perceived phishing threat, perceived detection efficacy, and phishing anxiety) and behavioral consequences (i.e., detection effort and detection accuracy) of coping adaptiveness. A survey experiment with 547 U.S. consumers was conducted. The results show that perceived detection efficacy increases coping adaptiveness. Partially mediated by phishing anxiety, perceived phishing threat decreases coping adaptiveness. Coping adaptiveness positively impacts the two objective measures in the study, detection effort and detection accuracy. The results also suggest that coping adaptiveness and detection effort have different effects on false positives compared to false negatives: detection effort fully mediates the effect of coping adaptiveness on false positive rate (or detection accuracy related to legitimate emails), but has no impact on false negatives (or detection accuracy related to phishing emails), unlike coping adaptiveness. A post hoc analysis on coping responses reveals two patterns of coping among subjects, throwing more light on coping in phishing detection. Theoretical and practical implications are discussed.
The Impact of Workload on Phishing Susceptibility: An Experiment
Phishing is when social engineering is used to deceive a person into sharing sensitive information or downloading...