Determinants of Phishing Risk Awareness among Thai University Academic Staff

Main Article Content

Pita Jarupunphol
Wichidtra Sudjarid
Wipawan Buathong

Abstract

Background/problem: Phishing involves deceiving individuals into disclosing sensitive information. It poses a significant threat to academic institutions, impacting their security, financial stability, reputation, and operational efficiency.


Objective/purpose: This research examined phishing risk awareness among academic staff at two Thai universities and investigated the factors influencing phishing threat awareness using the technology acceptance model (TAM).


Design and Methodology: The study’s sample comprised 400 participants, evenly distributed with 200 individuals selected from each of two universities, each employing approximately 450 academic staff members. Data were collected using an online questionnaire.


Results: The results demonstrated correlations between perceived ease of use (PEOU) and perceived usefulness (PU) (ꞵ = .52, p < .001), PEOU and attitude towards using (ATT) (ꞵ = .25, p < .001), PU and ATT
 (ꞵ = .57, p < .001), and ATT and phishing observation behavior (USE) (ꞵ = .14, p = .01). The relationship between phishing observation behavior (USE) and phishing risk awareness (PHA) was found insignificant (ꞵ = -.09, p = .20). However, the influences of perceived risk (PR) on USE (ꞵ = .15, p < .001) and PHA (ꞵ = .17, p < .001) were more pronounced.


Conclusion and Implications: This indicates that the awareness of phishing threats is more linked to the individual’s risk perception rather than direct observation of phishing incidents. This suggests that enhancing phishing risk awareness should focus on educating individuals about the risks of phishing rather than increasing the visibility of phishing attempts.

Downloads

Download data is not yet available.

Article Details

How to Cite
Jarupunphol, P., Sudjarid, W., & Buathong, W. (2024). Determinants of Phishing Risk Awareness among Thai University Academic Staff. The Journal of Behavioral Science, 19(2), 44–58. Retrieved from https://so06.tci-thaijo.org/index.php/IJBS/article/view/269175
Section
Research Articles

References

Abroshan, H., Devos, J., Poels, G., & Laermans, E. (2021). Phishing happens beyond technology: The effects of human behaviors and demographics on each step of a phishing process. IEEE Access, 9, 44928–44949. https://doi.org/10.1109/ACCESS.2021.3066383

Ajzen, I. (1991). The theory of planned behavior. Organisational Behavior and Human Decision Processes, 50(2), 179–211. https://doi.org/10.1016/0749-5978(91)90020-T

Beu, N., Jayatilaka, A., Zahedi, M., Babar, M. A., Hartley, L., Lewinsmith, W., & Baetu, I. (2023). Falling for phishing attempts: An investigation of individual differences that are associated with behavior in a naturalistic phishing simulation. Computers & Security, 131, 103313. https://doi.org/10.1016/j.cose.2023.103313

Cronbach, L. (1951). Coefficient alpha and the internal structure of tests. Psychomerika, 16, 297–334. https://doi.org/10.1007/BF02310555

Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319–340. https://doi.org/10.2307/249008

Davis, F. D. (1993). User acceptance of information technology: System characteristics, user perceptions and behavioral impacts. International Journal of Man-Machine Studies, 38(3), 475–487. https://doi.org/10.1006/imms.1993.1022

Diaz, A., Sherman, A. T., & Joshi, A. (2020). Phishing in an academic community: A study of user susceptibility and behavior. Cryptologia, 44, 53–67. https://doi.org/10.1080/01611194.2019.1623343

Fishbein, M., & Ajzen, I. (2009). Predicting and changing behavior: The reasoned action approach. Psychology Press. https://doi.org/10.4324/9780203838020

Gavett, B. E., Zhao, R., John, S. E., Bussell, C. A., Roberts, J. R., & Yue, C. (2017). Phishing suspiciousness in older and younger adults: The role of executive functioning. PLoS ONE, 12(2), 1-16. https://doi.org/10.1371/journal.pone.0171620

Hanif, Y., & Lallie, H. S. (2021). Security factors on the intention to use mobile banking applications in the UK older generation (55+). A mixed-method study using modified UTAUT and MTAM - with perceived cyber security, risk, and trust. Technology in Society, 67, 101693. https://doi.org/10.1016/j.techsoc.2021.101693

Hillman, D., Harel, Y., & Toch, E. (2023). Evaluating organizational phishing awareness training on an enterprise scale. Computers & Security, 132, 103364. https://doi.org/10.1016/j.cose.2023.103364

Hong, X., Zhang, M., & Liu, Q. (2021). Preschool teachers’ technology acceptance during the Covid-19: An adapted technology acceptance model. Frontiers in Psychology, 12, 691492. https://doi.org/10.3389/fpsyg.2021.691492

Kasperson, J., Kasperson, R., Pidgeon, N., & Slovic, P. (2003). The social amplification of risk: Assessing fifteen years of research and theory. The Social Amplification of Risk (pp. 13–46). Cambridge University Press. https://doi.org/10.1017/CBO9780511550461.002

Khlaisang, J., Teo, T., & Huang, F. (2021). Acceptance of a flipped smart application for learning: A study among Thai university students. Interactive Learning Environments, 29(5), 772–789. https://doi.org/10.1080/10494820.2019.1612447

Lai, P. C., & Zainal, A. B. A. (2015). Perceived risk as an extension to TAM model: Consumers’ intention to use a single platform e-payment. Australian Journal of Basic and Applied Sciences, 9, 323–331. https://doi.org/10.1177/2319510X18776405

Leesa-Nguansuk, S. (2022). Thailand leads in e-shop phishing. Bangkok Post. https://www.bangkokpost.com/business/2341932/thailand-leads-in-e-shop-phishing

Musuva, P. M. W., Getao, K. W., & Chepken, C. K. (2019). A new approach to modelling the effects of cognitive processing and threat detection on phishing susceptibility. Computers in Human Behavior, 94, 154–175. https://doi.org/10.1016/j.chb.2018.12.036

Mutahar, A. M., Aldholay, A., Isaac, O., Jalal, A. N., & Kamaruddin, F. E. B. (2022). The moderating role of perceived risk in the technology acceptance model (TAM): The context of mobile banking in developing countries. In M. Al-Emran, M. A. Al-Sharafi, M. N. Al-Kabi, & K. Shaalan (Eds.), Proceedings of International conference on emerging technologies and intelligent systems (pp. 389–403). Springer. https://doi.org/10.1007/978-3-030-82616-1_34

Naagas, M. A., Mique, E. L., Palaoag, T. D., & Dela Cruz, J. S. (2018). Defense-through-deception network security model: Securing university campus network from DOS/DDOS attack. Bulletin of Electrical Engineering and Informatics, 7(4), 593–600. https://doi.org/10.11591/eei.v7i4.1349

NCSA Annual Report 2022. (2023). National cyber security agency. https://drive.ncsa.or.th/s/5pNCYTM9sQ46SZF

Orunsolu, A., Afolabi, O., Sodiya, S., & Akinwale, A. (2018). A users’ awareness study and influence of socio-demography perception of anti-phishing security tips. Acta Informatica Pragensia, 7(2), 138–151. https://doi.org/10.18267/j.aip.119

Park, E. S., & Park, M. S. (2020). Factors of the technology acceptance model for construction IT. Applied Sciences, 10(22), 8299. https://doi.org/10.3390/app10228299

Parsons, K., Delfabbro, P., Lillie, M., & Butavicius, M. (2019). Predicting susceptibility to social influence in phishing e-mails. International Journal of Human-Computer Studies, 128, 17–26. https://doi.org/10.1016/j.ijhcs.2019.02.007

Parsons, K., McCormac, A., Pattinson, M., Butavicius, M., & Jerram, C. (2013). Phishing for the truth: A scenario-based experiment of users’ behavioural response to e-mails. In L. J. Janczewski, & H. B. Wolfe, S. Shenoi (Eds.), Security and privacy protection in information processing systems, SEC 2013, Advances in information and communication technology (vol. 405). Springer. https://doi.org/10.1007/978-3-642-39218-4_27

Patterson, C. M., Nurse, J. R. C., & Franqueira, V. N. L. (2023). Learning from cyber security incidents: A systematic review and future research agenda. Computers & Security, 132, 103309. https://doi.org/10.1016/j.cose.2023.103309

R Core Team (2023). R: A language and environment for statistical computing. R Foundation for Statistical Computing. https://www.R-project.org

Rahimi, B., Nadri, H., Afshar, H. L., & Timpka, T. (2018). A systematic review of the technology acceptance model in health informatics. Applied Clinical Informatics, 9(3), 604–634. https://doi.org/10.1055/s-0038-1668091

Riantini, R. E., & Wandrial, S. (2018). Adoption of e-banking services in south Tangerang using technology acceptance model (TAM) approach. Pertanika Journal of Social Sciences & Humanities, 26(T), 161–172. http://www.pertanika.upm.edu.my/pjssh/browse/regular-issue?article=JSSH-T0718-2018

Ribeiro, L., Guedes, I. S., & Cardoso, C. S. (2024). Which factors predict susceptibility to phishing? An empirical study. Computers & Security, 136, 103558. https://doi.org/10.1016/j.cose.2023.103558

Rosseel, Y. (2012). Lavaan: An R package for structural equation modeling. Journal of Statistical Software, 48(2), 1–36. https://doi.org/10.18637/jss.v048.i02

Seuwou, P., Banissi, E., & Ubakanma, G. (2016). User acceptance of information technology: A critical review of technology acceptance models and the decision to invest in information security. In H. Jahankhani, A. Carlile, D. Emm, A. Hosseinian-Far, G. Brown, G. Sexton, & A. Jamal (Eds.), Global security, safety and sustainability—The security challenges of the connected world (pp. 230–251). Springer International Publishing. https://doi.org/10.1007/978-3-319-51064-4_19

Shi, D., Lee, T., & Maydeu-Olivares, A. (2019). Understanding the model size effect on SEM fit indices. Educational and Psychological Measurement, 79(2), 310–334. https://doi.org/10.1177/0013164418783530

Shi, D., & Maydeu-Olivares, A. (2020). The effect of estimation methods on SEM fit indices. Educational and Psychological Measurement, 80(3), 421–445. https://doi.org/10.1177/0013164419885164

Slovic, P. (1987). Perception of risk. Science, 236, 280–285. https://doi.org/10.1126/science.3563507

Tian, C., Jensen, M. L., & Durcikova, A. (2023). Phishing susceptibility across industries: The differential impact of influence techniques. Computers & Security, 135, 103487. https://doi.org/10.1016/j.cose.2023.103487

Tuah, N. M., Yoag, A., Nizam, D. M., & Chin, C. W. (2022). A dashboard-based system to manage and monitor the progression of undergraduate IT degree final year projects. Pertanika Journal of Science and Technology, 30(1), 235–256. https://doi.org/10.47836/pjst.30.1.13

Vandebos, G. (2015). APA dictionary of psychology (2nd ed.). American Psychological Association.

Venkatesh, V., Thong, J. Y. L., & Xu, X. (2016). Unified theory of acceptance and use of technology: A synthesis and the road ahead. Journal of the Association for Information Systems, 17(5), 328–376. https://doi.org/10.17705/1jais.00428

Vukovic, M., Pivac, S., & Kundid, D. (2019). Technology acceptance model for the Internet banking acceptance in Split. Business Systems Research, 10(2), 124–140. https://doi.org/10.2478/bsrj-2019-022

Yamane, T. (1973). Statistics: An introductory analysis (3rd ed.). Harper and Row.