Pattinson, M.Jerram, C.Parsons, K.McCormac, A.Butavicius, M.Clarke, N.2012-08-312012-08-312012Information Management and Computer Security, 2012; 20(1):18-280968-5227http://hdl.handle.net/2440/72956PURPOSE: The purpose of this paper is to investigate the behaviour response of computer users when either phishing e-mails or genuine e-mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings. DESIGN/METHODOLOGY/APPROACH: This study was a scenario-based role-play experiment that involved the development of a web-based questionnaire that was only accessible by invited participants when they attended a one-hour, facilitated session in a computer laboratory. FINDINGS: The findings indicate that overall, genuine e-mails were managed better than phishing e-mails. However, informed participants managed phishing e-mails better than not-informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e-mail. RESEARCH LIMITATIONS/IMPLICATIONS : This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e-mail users. PRACTICAL IMPLICATIONS: The outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems. ORIGINALITY/VALUE : The literature review indicates that this paper addresses a genuine gap in the research.en© Emerald Group Publishing LimitedJournal article002011820110.1108/096852212112191732-s2.0-8485865681124975Pattinson, M. [0000-0002-6129-436X]Jerram, C. [0000-0002-4884-0709]Parsons, K. [0000-0001-7040-8376]