Stilwell, Angus2024-07-052024-07-052022https://hdl.handle.net/2440/141534This item is only available electronically.Over recent years, an increase in cybersecurity breaches via SMS scams, or "smishing'; an SMS containing a malicious link or file (ACCC, 2022) has occurred. Despite data breaches often involving some form of human error, limited research has investigated human and behavioural aspects of smishing detection. Therefore, this study examined individuals' SMS scam detection, by investigating what features are used to evaluate their legitimacy. The study also examined the extent to which legitimacy assessments are affected by key external and individual difference factors; time pressure and participants' Information Security Awareness (ISA). Participants rated the legitimacy of SMS stimuli under either Fast (seven seconds) or Slow (21 seconds) stimulus presentation duration conditions. SMS stimuli varied in Sender legitimacy, Grammatical errors, and URL legitimacy. Participants also completed the Human Aspects of Information Security Questionnaire (HAIS-Q) (Parson's et al., 2017) to measure their ISA, and were divided into High versus Low ISA groups. Results indicated that people are sensitive to Sender legitimacy, Grammatical errors, and URL legitimacy, with Sender and Grammar altering the effect of URL. Additionally, time pressure increased legitimacy perception of scam and legitimate stimuli, and high ISA improved sensitivity in stimuli containing all scam features. Overall, this study contributes to the smishing literature by providing insight into how features, ISA and time pressure affect smishing detection. These results have implications in a literature, organisational, and public setting, of which may help to provide a safer mobile phone cyber-environment. Keywords: Smishing; scams; features; information security awareness; dual-process theory; heuristicsHonours; PsychologyThesis