This paper aims to investigate the influence of message involvement, suspicion and phishing awareness on users’ susceptibility to phishing attacks through the theoretical lens of the truth-default theory.
An online scenario-based survey was conducted, simulating an employment search scenario. Data drawn from some 232 users are analyzed using moderated mediation analysis.
This study revealed that message involvement increases users’ susceptibility to phishing. However, suspicion partially counteracts the influence of message involvement. Moreover, phishing awareness plays a dual role. While it deters users from responding, it also makes knowledgeable users less vigilant against messages perceived to be personally appealing.
This paper contributes to the literature on information security behavior by examining factors that affect user susceptibility. Additionally, education and training programs can use insights from this paper to develop actionable behaviors that foster vigilant online practices.
To the best of the authors’ knowledge, this paper is among the first to investigate how message involvement and suspicion jointly shape phishing susceptibility, ascertaining whether and why message involvement is a salient psychological weakness. It examines the indirect moderating effect of phishing awareness. This provides insights for explaining the inconsistent findings of previous studies that focus on the direct relationship between awareness and susceptibility.
