Security awareness of computer users: A phishing threat avoidance perspective

• Investigated computer users’ self-efficacy to thwarting phishing attacks.
• A theoretical model derived from Technology Threat Avoidance Theory was used.
• Conceptual and procedural knowledge blend enhanced phishing avoidance behaviour.

Phishing is an online identity theft, which aims to steal confidential information such as username, password and online banking details from its victims. To prevent this, anti-phishing education needs to be considered. Therefore, the research reported in this paper examines whether conceptual knowledge or procedural knowledge has a positive effect on computer users’ self-efficacy to thwart phishing threats. In order to accomplish this, a theoretical model based on Liang and Xue’s (2010) Technology Threat Avoidance Theory (TTAT) has been proposed and evaluated. Data was collected from 161 regular computer users to elicit their feedback through an online questionnaire. The study findings revealed that the interaction effect of conceptual and procedural knowledge positively impacts on computer users’ self-efficacy, which enhances their phishing threat avoidance behaviour. It can therefore be argued that well-designed end-user security education contributes to thwart phishing threats.