Fake-website detection tools: Identifying elements that promote individuals’ use and enhance their performance

Journal of the Association for Information Systems

Volumn 16, Issue 6, 2015, Pages 448-484

  Zahedi, Fatemeh Mariam ^a,d,f   Abbasi, Ahmed ^b,e   Chen, Yan ^c,f  

^a UNIVERSITY OF WISCONSIN   (United States)

^b UNIVERSITY OF VIRGINIA   (United States)

^c AUBURN UNIVERSITY AT MONTGOMERY   (United States)

^d INDIANA UNIVERSITY   (United States)

^e UNIVERSITY OF ARIZONA   (United States)

^f UNIVERSITY OF WISCONSIN MILWAUKEE   (United States)

Author keywords

Concocted Websites; Detection Tool; Experimental Design; Protection Motivation Theory; Protective IT Artifact; Spoofed Websites

Indexed keywords

DESIGN OF EXPERIMENTS; INSPECTION EQUIPMENT; MOTIVATION; STATISTICS; TENSORS;

COPING MECHANISMS; DETECTION TOOLS; ON-LINE SECURITIES; ONLINE PHARMACIES; PROTECTION MOTIVATION THEORY; PROTECTIVE IT ARTIFACT; RESEARCH METHODS; SECURITY THREATS;

WEBSITES;

EID: 84932163324     PISSN: 15369323     EISSN: 15583457     Source Type: Journal    
DOI: 10.17705/1jais.00399     Document Type: Article

References (129)

1. Abbasi, A., & Chen, H. (2009a). A comparison of tools for detecting fake websites. IEEE Computer, 42(10), 78-86.
2. Abbasi, A., & Chen, H. (2009b). A comparison of fraud cues and classification methods for fake escrow website detection. Information Technology and Management, 10(2), 83-101.
3. Abbasi, A., Zhang, Z., Zimbra, D., Chen, H., & Nunamaker, J. F., Jr. (2010). Detecting fake websites: The contribution of statistical learning theory. MIS Quarterly, 34(3), 435-461.
4. Abbasi, A., Zahedi, F. M., Kaza, S. (2012). Detecting fake medical websites using recursive trust labeling. ACM Transactions on Information Systems, 30(4), 1-36.
5. Abu-Nimeh, S., Nappa, D., Wang, X., & Nair, S. (2007). A comparison of machine learning techniques for phishing detection. In Proceedings of the Anti-Phishing Working Groups 2nd Annual Ecrime Researchers Summit (Pp. 60-69).
6. Adipat, B., Zhang, D., & Zhou, L. (2011). The effects of tree-view based presentation adaptation on mobile Web browsing. MIS Quarterly, 35(1), 99-122.
7. Airoldi, E., & Malin, B. (2004). Data mining challenges for electronic safety: The case of fraudulent intent detection in e-mails. Paper presented at the Workshop on Privacy and Security Aspects of Data Mining.
8. Akhawe, D., & Felt, A. P. (2013). Alice in warningland: A large-scale field study of browser security warning effectiveness. In Proceedings of the 22nd USENIX Security Symposium.
9. An, B. (2010). 14 arrested for making, selling fake drugs via bogus military medical websites. Xinhua Net. Retrieved from http://big5.xinhuanet.com/gate/big5/news.xinhuanet.com/ english2010/china/2010-02/05/c_13165317.htm
10. Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613-643.
11. Anderson, J., & Gerbing, D. (1982). Some methods for respecifying measurement models to obtain unidimensional construct measurement. Journal of Marketing Research, 19(4), 453-460.
12. Angst, C. M., & Agarwal R. (2009). Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly, 33(2), 339-370.
13. Armin, J. (2010). Internet drug rings and their “killer” online pharmacies. Internet Evolution. Retrieved from http://www.internetevolution.com/author.asp?section_id=717&doc_id=191640
14. Bagozzi, R. P. (2011). Measurement and meaning in information systems and organizational research: Methodological and philosophical foundations. MIS Quarterly, 35(2), 261-292.
15. Bandura, A. (1982). Self-efficacy mechanism in human agency. American Psychologist, 37(2), 122-147.
16. Bandura, A. (1997). Self-efficacy: The exercise of control. New York: Macmillan.
17. Bandura, A., Adams, N. E., & Beyer, J. (1977). Cognitive processes mediating behavioral change. Journal of Personality and Social Psychology, 35(3), 125-139.
18. Bansal, G., Zahedi, F. M., & Gefen, D. (2010). The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decision Support Systems, 49(2), 138-150.
19. Bansal, G., Zahedi, F. M., & Gefen, D. (2008). The moderating influence of privacy concern on the efficacy of privacy assurance mechanisms for building trust: A multiple-context investigation. In Proceedings of 29th International Conference on Information Systems.
20. Basagiannis, S., Katsaros, P., Pombortsis, A., & Alexiou, N. (2009). Probabilistic model checking for the quantification of DoS security threats. Computer and Security, 28(6), 450-465.
21. Bentler, P. M. (1992). On the fit of models to covariances and methodology to the bulletin. Psychological Bulletin, 112(3), 400-404.
22. Bentler P. M., & Bonnett, D.G. (1980). Significance tests and goodness of fit in the analysis of covariance structures. Psychological Bulletin, 88(3), 588-606.
23. Biros, D. P, George, J. F., & Zmud, R. W. (2002). Inducing sensitivity to deception in order to improve decision making performance: A field study. MIS Quarterly, 26(2), 119-144.
24. Bliss, J. P., Gilson, R. D., & Deaton, J. E. (1995). Human probability matching behavior in response to alarms of varying reliability. Ergonomics, 38(11), 2300-2312.
25. Boudreau, M.-C., Gefen, D., & Straub, D. W. (2001). Validation in information systems research: A state-of-the-art assessment. MIS Quarterly, 25(1), 1-16.
26. Bravo-Lillo, C., Cranor, L. F., Downs, J. S., & Komanduri, S. (2011). Bridging the gap in computer security warnings: A mental model approach. IEEE Security and Privacy, 9(2), 18-26.
27. Browne, M. W., & Cudeck, R. (1993). Alternative ways of assessing model fit. In K. A. Bollen & J. S. Long (Eds.), Testing structural equation models (pp. 445-455). Newbury Park, CA: Sage.
28. Camp, L. J. (2009). Mental models of privacy and security. IEEE Technology and Society Magazine, 28(3), 37-46.
29. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems in information technology security architecture. Information Systems Research, 16(1), 28-46.
30. Center for Disease Control. (2010). Prescription drug use continues to increase: U.S. prescription drug data for 2007-2008 (NCHS Data Brief No. 42).
31. Chen, Y., & Zahedi, F. M. (2009). Internet users’ security behaviors and trust. In Proceedings of the Pre-ICIS Workshop on Information Security and Privacy.
32. Chen, Y., Zahedi, M., & Abbasi, A. (2011). Interface design elements for anti-phishing systems. In H. Jain, A. P. Sinha, & P. Vitharana (Eds.), Service-oriented perspectives in design science research (Vol. 6629, pp. 253-265). Berlin: Springer-Verlag.
33. Chen, Z., Zhang, X., Leung, K., & Zhou, F. (2010). Exploring the interactive effect of time control and justice perception on job attitudes. The Journal of Social Psychology, 150(2), 181-197.
34. Chin W.W., Johnson, N., & Schwarz, A. (2008). A fast form approach to measuring technology acceptance and other constructs. MIS Quarterly, 32(4), 687-703.
35. Chou, N., Ledesma, R., Teraguchi, Y., Boneh, D., & Mitchell, J. C. (2004). Client-side defense against Web-based identity theft. In Proceedings of the Network and Distributed System Security Symposium.
36. Chua, C. E. H., & Wareham, J. (2004). Fighting Internet auction fraud: An assessment and proposal. IEEE Computer, 37(10), 31-37.
37. Cranor, L. F. (2008). A framework for reasoning about the human in the loop. In Proceedings of the 1st Conference on Usability, Psychology, and Security (pp. 1-15).
38. Compeau, D. R., & Higgins, C. A. (1995). Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 9(2), 189-211.
39. Davis, F. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319-340.
40. DePaulo, B. M., Stone, J. I., & Lassiter, G. D. (1985). Deceiving and Detecting Deceit. In B. R. Schlenker (Ed.), The self and social life, New York, NY: McGraw-Hill Book Company.
41. Dhamija, R., Tygar, J. D., & Hearst, M. (2006). Why phishing works. In Proceedings of the ACM Conference on Computer Human Interaction (pp. 581-590).
42. Dinev, T. (2006). Why spoofing is serious internet fraud. Communications of the ACM, 49(10), 76-82.
43. Dinev, T., & Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of AIS, 8(7), 386-408.
44. Downs, J. S., Holbrook, M. B., & Cranor, L. F. (2006). Decision strategies and susceptibility to phishing. In Proceedings of the Second Symposium on Usable Privacy and Security (pp. 79-90).
45. Downs, J. S., Holbrook, M., & Cranor, L. F. (2007). Behavioral response to phishing risk. In Proceedings of the ACM Anti-Phishing Working Groups 2nd Annual Ecrime Researchers Summit (pp. 37-44).
46. Easton, G. (2007). Clicking for pills. British Medical Journal, 334(7583), 14-15.
47. Edworthy, J. (1997). Cognitive compatibility and warning design. International Journal of Cognitive Ergonomics, 1(3), 193-209.
48. Egelman, S., Cranor, L. F., & Hong, J. (2008). You've been warned: An empirical study of the effectiveness of Web browser phishing warnings. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems (pp. 1065-1074).
49. Floyd, D. L., Prentice-Dunn, S., & Rogers, R. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407-429.
50. Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50.
51. Francis-Smythe, J. A., & Robertson, I. T. (2003). The importance of time congruity in the organization. Applied Psychology, 52(2), 298-321.
52. Gartner. (2011). Magic quadrant for web fraud detection.
53. Gefen, D., Straub, D. W., & Boudreau, M.-C. (2000). Structural equation modeling and regression: Guidelines for research practice. Communications of the Association for Information Systems, 4, 1-79.
54. Grazioli, S., & Jarvenpaa, S. L. (2000). Perils of internet fraud: An empirical investigation of deception and trust with experienced internet consumers. IEEE Transactions on Systems, Man, and Cybernetics: Part A, 20(4), 395-410.
55. Grazioli, S., & Jarvenpaa, S. L. (2003). Consumer and business deception on the Internet: Content analysis of documentary evidence. International Journal of Electronic Commerce, 7(4), 93-118.
56. Greenberg, A. (2008). Pharma’s black market boom. Forbes.com.
57. Gyongyi, Z., & Garcia-Molina, H. (2005). Spam: It’s not just for inboxes anymore. IEEE Computer, 38(10), 28-34.
58. Herzberg, A., & Jbara, A. (2008). Security and identification indicators for browsers against spoofing and phishing attacks. ACM Transactions on Internet Technology, 8(4), 1-36.
59. Hong, W., Chan, F. Y. K., Thong, J. Y. L., Chasalow, L. C., & Dhillon, G. (2014). A framework and guidelines for context-specific theorizing in information systems research. Information Systems Research, 35(1), 111-136.
60. Hu, L., & Bentler, P. M. (1999). Cut-off criteria for fit indexes in covariance matrix analysis: Conventional criteria versus new alternatives. Structural Equation Modeling, 6(1), 1-55.
61. Hung, S. Y. (2003). Expert versus novice use of the executive support systems: An empirical study. Information and Management, 40(3), 177-189.
62. Igbaria, M., Zinatelli, N., Cragg, P., & Cavaye A. L. M. (1997). Personal computing acceptance factors in small firms: A structural equation model. MIS Quarterly, 21(3), 279-302.
63. Jagatic, T. N., Johnson, N. A., Jakobsson, N., & Menczer, F. (2007). Social Phishing. Communications of the ACM, 50(10), 94-100.
64. Javelin Strategy. (2014). 2014 identity fraud report: Card data breaches and inadequate consumer password habits fuel disturbing fraud trends. Retrieved from https://www.javelinstrategy.com/brochure/314
65. Johns, G. (2006). The essential impact of context on organizational behavior. Academy of Management Review, 31(2), 386-408.
66. Johnson, P. E., Grazioli, S., Jamal, K., & Berryman, G. (2001). Detecting deception: Adversarial problem solving in a low base rate world. Cognitive Science, 25(3), 355-392.
67. Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549-566.
68. Jonsson, I.-M., Harris, H., & Nass, C. (2008). How accurate must an in-car information system be? Consequences of accurate and inaccurate information in cars. In Proceeding of the 26th Annual SIGCHI Conference on Human Factors in Computing Systems (pp. 1665-1674).
69. Kramer, J., Noronha, S., & Vergo, J. (2000). A user-centered design approach to personalization. Communications of the ACM, 43(8), 45-48.
70. Krebs, B. (2005). Few online “Canadian pharmacies” based in Canada, FDA says. WashingtonPost.com.
71. Kumaraguru, P. (2009). A system for educating users about semantic attacks (Doctoral Dissertation). Carnegie Mellon University.
72. Kumaraguru, P., Sheng, S., Aquisti, A., Cranor, L. F., & Hong, J. (2010). Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology, 10(2), 1-31.
73. Li, L., & Helenius, M. (2007). Usability evaluation of anti-phishing toolbars. Journal in Computer Virology, 3(2), 163-184.
74. Lam, C. Y., & Lee, M. K. O. (2006). Digital inclusiveness—longitudinal study of internet adoption by older adults. Journal of Management Information Systems, 22(4), 177-306.
75. Lau, R. Y. K., Liao, S. Y., Kwok, R. C., Xu, K., Xia, Y., & Li, Y. (2011). Text mining and probabilistic language modeling for online review spam detection. ACM Transactions on MIS, 2(4), 1-25.
76. Lee, W., Fan, W., Miller, M., Stolfo, S., & Zadok, E. (2002). Toward cost-sensitive modeling for intrusion detection and response. Journal of Computer Security, 10(1/2), 5-22.
77. Lennon, M. (2011). Cisco: Targeted attacks cost organizations $1.29 billion annually. Security Week.
78. Leonard, L. N. K., & Cronan, T. P. (2001). Illegal, inappropriate, and unethical behavior in an information technology context: A study to explain influences. Journal of the Association for Information Systems, 1(12), 1-31.
79. Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33(1), 71-90.
80. Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394-413.
81. Macan, T. H. (1994). Time management: Test of a process model. Journal of Applied Psychology, 79, 381-391.
82. Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concern (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336-355.
83. Maris, D. (2012). Who is popping all those pills? Forbes Magazine.
84. Marks, R., & Allegrante, J. P. (2005). A review and synthesis of research evidence for self-efficacy-enhancing interventions for reducing chronic disability: Implications for health education practice (part II). Health Promotion Practice, 6(2), 148-156.
85. McAfee. (2011a). Guide to online banking safety for carefree, confident, and conservative customers. Retrieved from https://blogs.mcafee.com/consumer/guide-to-online-banking-safety
86. McAfee. (2011b). McAfee threats report: Fourth quarter 2010. Retrieved from http://www.mcafee.com /us/about/news/2011/q1/20110208-01.aspx
87. McKnight, D. H., Choudhury, V., & Kacmar, C. (2002). Developing and validating trust measures for e-commerce: An integrative typology. Information Systems Research, 13(3), 334-359.
88. Milne, S., Sheeran, P., & Orbell, S. (2000). Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30(1), 106-143.
89. Moore, G. C., & Benbasat, I. (1991). Development of an instrument to measure the perceptions of adopting an information technology innovation. Information Systems Research, 2(3), 192-222.
90. Muthén, B. O., & Muthén, L. (2003). The comprehensive modeling program for applied researchers user guide. Los Angeles, CA: Muthén & Muthén.
91. Nunnally, J. (1978). Psychometric theory. New York: McGraw-Hill.
92. Orizio, G., Merla, A., Schulz, P. J., & Gelatti, U. (2011). Quality of online pharmacies and websites selling prescription drugs: A systematic review. Journal of Medical Internet Research, 13(3), e74.
93. Parasuraman, R., & Miller, C. A. (2004). Trust and etiquette in high-criticality automated systems. Communications of the ACM, 47(4), 51-55.
94. Pavlou, P. A., & Fygenson, M. (2006). Understanding and predicting electronic commerce adoption: An extension of the theory of planned behavior. MIS Quarterly, 30(1), 115-143.
95. Podsakoff, P. M., MacKenzie, S. B., & Lee, J.-Y. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903.
96. Ramzan, Z., & Wuest, C. (2007). Phishing attacks: Analyzing trends in 2006. In Proceedings of the 4th Conference on Email and Anti-Spam.
97. Rice, S. (2009). Examining single- and multiple-process theories of trust in automation. The Journal of General Psychology, 136(3), 303-319.
98. Rippetoe, P. A., & Rogers, R. W. (1987). Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. Journal of Personality and Social Psychology, 52(3), 596-604.
99. Rogers, R. W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93-114.
100. Rogers, R. W. (1983). Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protected motivation. In J. T. Cacioppo & R. E. Petty (Eds.), Social psychophysiology: A source book. New York, NY: The Guilford Press.
101. Rovira, E., McGarry, K., & Parasuraman, R. (2002). Effects of unreliable automation on decision making in command and control. In Human Factors and Ergonomics Society Annual Meeting Proceedings (pp. 428-432).
102. SAP. (2013). The mobile consumer insights on global trends impacting mobile momentum and customer engagement. Retrieved from http://www.sap.com/pc/tech/mobile /featured/offers/mobile-consumer-behaivor-report.html
103. Schneier, B. (2000). Semantic network attacks. Communications of the ACM, 43(12), 168.
104. Segars, A. H. (1997). Assessing the unidimensionality of measurement: A paradigm and illustration within the context of information systems research. Omega, 25(1), 107-121.
105. Smerecnik, C. M. R., Mesters, I., de Vries, N. K., & de Vries, H. (2009). Alerting the general population to genetic risks: The value of health messages communicating the existence of genetic risk factors for public health promotion. Health Psychology, 28(6), 734-745.
106. Song, J., & Zahedi, F. M. (2005). A theoretical approach to Web design in e-commerce: A belief reinforcement model. Management Science, 51(8), 1219-1235.
107. Straub, D. W. (1989). Validating instruments in MIS research. MIS Quarterly, 13(2), 147-169.
108. Straub, D., Boudreau, M.-C., & Gefen, D. (2004). Validation guidelines for IS positivist research. Communication of AIS, 13, 380-426.
109. Straub, D. W., Limayem, M., & Karahanna E. (1995). Measuring system usage: Implications for IS theory testing. Management Science, 41(8), 1328-1342.
110. Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441-469.
111. Strecher, V. J., DeVellis, B. M., Becker, M. H., & Rosenstock, I. M. (1986). The role of self-efficacy in achieving health behavior change. Health Education Quarterly, 13(1), 73-91.
112. Sturges, J. W., & Rogers, R. W. (1996). Preventive health psychology from a developmental perspective: An extension of protection motivation theory. Health Psychology, 15(3), 158-166.
113. Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., & Cranor, L. F. (2009). Crying wolf: An empirical study of SSL warning effectiveness. In Proceedings of the 18th USENIX Security Symposium.
114. Vance, A., Elie-Dit-Cosaque, C., & Straub, D. W. (2008). Examining trust in information technology artifacts: The effects of system quality and culture. Journal of Management Information Systems, 24(4), 73-100.
115. Vaughan-Nichols, S. J. (2011). Internet Explorer gains Web browser market share from Firefox. ZDNet. Retrieved from http://www.zdnet.com/blog/networking/internet-explorer-gains-web-browser-market-share-from-firefox/743
116. Venkatesh, V., Morris, M., Davis, G., & Davis, F. (2003). User acceptance of information technology: Toward a unified view. MIS Quarterly, 27(3), 425-478.
117. Virta, J. L., Jacobson, S. H., & Kobza, J. E. (2003). Analyzing the cost of screening selectee and non-selectee baggage. Risk Analysis, 23(5), 897-907.
118. Weinstein, N. D. (1988). The precaution adoption process. Health Psychology, 7(4), 355-386.
119. Whetten, D. A. (2009). An examination of the interface between context and theory applied to the study of Chinese organizations. Management and Organization Review, 5(1), 29-55.
120. Whetten, D. A., Felin, T., & King, B. G. (2009). The practice of theory borrowing in organizational studies: Current issues and future directions. Journal of Management, 35(3), 537-563.
121. White, R. W., & Horvitz, E. (2009). CyberChondria: Studies of the escalation of medical concerns in Web search. ACM Transactions on Information Systems, 27(4), 1-37.
122. Willis, P. (2009). Fake anti-virus software catches 43 million users’ credit cards. Digital Journal. Retrieved from www.digitaljournal.com/article/280746
123. Witte K., Cameron, K. A., McKeon, J. K., & Berkowitz, J. M. (1996). Predicting risk behaviors: Development and validation of a diagnostic scale. Journal of Health Communication, 1(4), p317-342.
124. Wu, M., Miller, R. C., & Garfunkel, S. L. (2006). Do security toolbars actually prevent phishing attacks? In Proceedings of the Conference on Human Factors in Computing Systems (pp. 601-610).
125. Xiang, G., Hong, J., Rose, C. P., & Cranor, L. (2011). Cantina+: A feature-rich machine learning framework for detecting phishing web sites. ACM Transactions on Information and System Security, 14(2).
126. Xiao, B., & Benbasat, I. (2011). Product-related deception in e-commerce: A theoretical perspective. MIS Quarterly, 35(1), 169-196.
127. Yue, W. T., & Çakanyildirim, M. (2007). Intrusion prevention in information systems: Reactive and proactive responses. Journal of Management Information Systems, 24(1), 329-353.
128. Zahedi, F. M., & Song, J. (2008). Dynamics of trust revision: Using health infomediaries. Journal of Management Information Systems, 24(4), 225-248.
129. Zhang, Y., Egelman, S., Cranor, L., & Hong, J. (2007). Phinding phish: Evaluating anti-phishing tools. In Proceedings of the 14th Annual Network and Distributed System Security Symposium.