The Moderating Role of Thoughtfully Reflective Decision-Making on the Relationship between Information Security Messages and SMiShing Victimization: An Experiment

Security messages, as a form of information security awareness training, are designed to encourage individuals to make an informed security decision, reducing their susceptibility to online victimization. To date, no known study has assessed the effectiveness of security messages or whether the effectiveness of these messages varies based on the recipients' characteristics. Using a randomized controlled trial, this study tests the efficacy of security messages on reducing SMiShing victimization, then assesses whether thoughtfully reflective decision-making (TRDM) moderates the effect of these messages on victimization by launching simulated attacks against participants of the study. Findings reveal that neither security messages nor TRDM directly affect SMiShing victimization. However, security messages effectively prevent victimization when the message recipient has higher TRDM levels. The interaction between TRDM and security messages demonstrates the relevance of criminological theory and the importance of interdisciplinary scholarship in understanding how human behavior influences the effectiveness of cybersecurity practices.