Document Type : Articles


1 Arba Minch University

2 Ethiopian Civil Service University


Despite Emails and websites being widely used for communication, collaboration, and day-to-day activity, not all online users have the same knowledge and skills when determining the credibility of visited websites and email content. As a result, phishing, an identity theft cyber-attack that targets humans rather than computers, was born to harvest internet users' confidential information by taking advantage of human behavior and hurting an organization's continuity, reputation, and credibility. Because the success of phishing attacks depends on human behavior, using the Health-Belief Model, the study's objective is to examine significant factors that influence online users' security behavior in the context of Email and website-based phishing attacks. The model included eight predictor variables and was validated using quantitative data from 138 academic staff. The study findings exhibit that 4 out of 8 predictor variables, namely Perceived-Barriers, Perceived-Susceptibility, Self-efficacy, and Security-Awareness, are statistically significant in determining users' security behavior. The study's outcome is to assist in the appropriate design of both online and offline content for cyber security awareness programs, focusing on Email and website-based phishing attacks.


Arachchilage, N. A. G. & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304-312.
Baadel, S. & Lu, J. (2019). Data Analytics: Intelligent Anti-Phishing Techniques Based on Machine Learning. Journal of Information and Knowledge Management, 18(1),1-20.
Chen, M., Wang, R., Schneider, J. K., Tsai, C., Jiang, D. D., Hung, M. & Lin, L. (2011). Using the health belief model to understand caregiver factors influencing childhood influenza vaccinations. Journal of Community Health Nursing, 28(1), 29–40.
Claar, C. L. (2011). The adoption of computer security: An analysis of home personal computer user behavior using the health belief model. Utah State University. Retrieved from
Collett, D. (1991) Modelling Binary Data. Texts in Statistical Science Series, Chapman and Hall, London
Cronbach, L. J. & Meehl, P. E. (1955). Construct validity in psychological test. Psychological Bulletin, 52, 281–302.
Edwards, K. (2015). Examining the security awareness, information privacy, and the security behaviors of home computer users. Doctoral dissertation, Nova Southeastern University. Retrieved from
EUC (2020). Survey on scams and fraud experienced by consumers. European Union Commission Fact Sheet, 1-47.
Fagerland, M. W. & Hosmer, D. W. (2017). How to test for goodness of fit in ordinal logistic regression models. Stata Journal, 17(3), 668–686.
Frauenstein, E. D. (2014). A framework to mitigate phishing threats. Doctoral Dissertation, Nelson Mandela Metropolitan University, 1- 262. Retrieved from
Hair, J. F., Hult, G. T. M., Ringle, C. M. & Sarstedt, M. (2017). A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). New York: Sage Publications, 1-390.
Kathrine, G. J. W., Praise, P. M., Rose, A. A. & Kalaivani, E. C. (2019). Variants of phishing attacks and their detection techniques. In Proceedings of the International Conference on Trends in Electronics and Informatics, ICOEI 2019, 255–259.
Kirlappos, I. & Sasse, M. A. (2012). Security Education against Phishing: A Modest Proposal for a Major Rethink. IEEE Security & Privacy Magazine, 10(2), 24–32.
Krol, K., Moroz, M. & Sasse, M. A. (2012). Don't work. Can't work? Why it's time to rethink security warnings. In  Seventh International Conference on Risks and Security of Internet and Systems (CRiSIS).
Li, L., Xu, L., He, W., Chen, Y. & Chen, H. (2016). Cyber Security Awareness and Its Impact on Employee's Behavior. In 10th International Conference on Research and Practical Issues of  Enterprise Information Systems (CONFENIS), Vienna, Austria, 103-111. Retrieved from
Ng, B., Kankanhalli, A. & Xu, Y. (2009). Studying users' computer security behavior: A health belief perspective. Decision Support Systems, 46, 815-825.
Patil, S. & Dhage, S. (2019). A methodical overview on phishing detection along with an organized way to construct an anti-phishing framework. In Fifth International Conference on Advanced Computing & Communication Systems (ICACCS) (pp. 588-593). IEEE.
Pharris, L. J. (2019). Social engineering: How US businesses strengthen the weakest link against cybersecurity threats. Liberty University, 1-216. Retrieved from
PhishLabs. (2019). 2019 Phishing Trends and Intelligence Report: The Growing Social Engineering Threat. PhishLabs, Annual Report, 1-30. Retrieved from
PhishMe. (2016). Q1 2016 Malware Review.  PhishMe Intelligence, 2016 1st Quarter Active Threat Reports, 1–15. Retrieved from
Proofpoint (2020). State of the Phish: An in-depth look at user awareness, vulnerability and resilience, Annual Report, 1-48.
Rea, L. M. & Parker, R. A. (2005). Designing & Conducting Survey Research: A Comprehensive Guide (3rd ed.). Hoboken, NJ: John Wiley & Sons, Inc.
Rosenstock, I. M. (1974). The Health Belief Model and Preventive Health Behavior. Health Education Monographs, 2(4), 354–386.
Schneier. B. (2000). Semantic Attacks: The Third Wave of Network Attacks. Crypto-Gram Newsletter. Retrieved from
Smith, H. J., Milberg, S. J. & Burke, S. J. (1996). Information privacy: Measuring individuals' concerns about organizational practices. MIS Quarterly: Management Information Systems, 20(2), 167–195.
Son, J. Y. & Kim, S. S. (2008). Internet users' information privacy-protective responses: A Taxonomy and a nomological model. MIS Quarterly: Management Information Systems, 32(3), 503–529.
Triwidyati, H. & Tentama, F. (2020). Validity and Reliability Construct of Subjective Well-being Scale. International Journal of Sciences: Basic and Applied Research, 51(2), 191–200. Retrieved from
Williams, C. K., Madupalli, R., Karahanna, E. & Duncan, B.K. (2014). Explaining Users' Security Behaviors with the Security Belief Model. Journal of Organizational and End User Computing, 26(3), 23-46.
Williams, E. J., Hinds, J. & Joinson, A. N. (2018). Exploring susceptibility to phishing in the workplace. International Journal of Human Computer Studies, 120, 1–13.