Purpose ‐ The purpose of this paper is to investigate the behaviour response of computer users when either phishing e-mails or genuine e-mails arrive in their inbox. The paper describes how this research was conducted and presents and discusses the findings.

Design/methodology/approach ‐ This study was a scenario-based role-play experiment that involved the development of a web-based questionnaire that was only accessible by invited participants when they attended a one-hour, facilitated session in a computer laboratory.

Findings ‐ The findings indicate that overall, genuine e-mails were managed better than phishing e-mails. However, informed participants managed phishing e-mails better than not-informed participants. Other findings show how familiarity with computers, cognitive impulsivity and personality traits affect behavioural responses to both types of e-mail.

Research limitations/implications ‐ This study does not claim to evaluate actual susceptibility to phishing emails. The subjects were University students and therefore the conclusions are not necessarily representative of the general population of e-mail users.

Practical implications ‐ The outcomes of this research would assist management in their endeavours to improve computer user behaviour and, as a result, help to mitigate risks to their organisational information systems.

Originality/value ‐ The literature review indicates that this paper addresses a genuine gap in the research.