{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,25]],"date-time":"2026-04-25T03:24:30Z","timestamp":1777087470911,"version":"3.51.4"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T00:00:00Z","timestamp":1738022400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGMIS Database"],"published-print":{"date-parts":[[2025,2]]},"abstract":"<jats:p>In recent years, organizations have been incorporating gamification elements and techniques into security compliance training, and research has shown positive outcomes resulting from using gamification in security compliance training. However, research has focused on training using game elements within one-time (or periodic) dedicated training sessions, where training occurs outside an employee's regular work context. Consequently, even if gamified, this ''away from the actual job'' approach may limit the ability to readily draw on earlier training and stay vigilant against phishing attacks once he\/she returns to normal job duties. Contrasted with the approach used in prior research, this study proposes mixing gamified security training with the reality of day-to-day work activities, which we call quasi-mixed reality in gamified security training. Specifically, the security training proposed in this study is a several-week-long program that takes place in employees' regular work context while they perform their everyday job tasks. In a randomized field experiment, we find that employees who were randomly assigned to experience quasi-mixed reality in gamified phishing training performed better in detecting and avoiding phishing attacks than those who were assigned to a control group. In addition, we propose and articulate mindfulness of phishing as a psychological mechanism and develop a path model based on mindfulness of phishing to provide insights into how the quasi-mixed reality gamified phishing training improves employee behavior regarding phishing detection and avoidance.<\/jats:p>","DOI":"10.1145\/3715966.3715971","type":"journal-article","created":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T23:20:40Z","timestamp":1738106440000},"page":"61-78","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Nothing Like the Real Thing! A Randomized Field Experiment of Quasi-Mixed Reality Gamified Phishing Training"],"prefix":"10.1145","volume":"56","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9849-2466","authenticated-orcid":false,"given":"Jong Seok","family":"Lee","sequence":"first","affiliation":[{"name":"Accounting and Information Management, The University of Tennessee, Knoxville, Knoxville, TN, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0003-5599","authenticated-orcid":false,"given":"William J.","family":"Kettinger","sequence":"additional","affiliation":[{"name":"Management, Clemson University, Clemson, SC, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-5061-3580","authenticated-orcid":false,"given":"Chen","family":"Zhang","sequence":"additional","affiliation":[{"name":"Information Systems and Business Analytics, Iowa State University, Ames, IA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,1,28]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.2307\/3250951"},{"key":"e_1_2_1_2_1","volume-title":"CISOs need to look past boring training videos to a more motivational security stance. SiliconAngle. Retrieved","author":"Amy-Vogt B.","year":"2020","unstructured":"Amy-Vogt, B. (2020). CISOs need to look past boring training videos to a more motivational security stance. SiliconAngle. Retrieved September 3, 2023, from https:\/\/siliconangle.com\/2020\/03\/03\/ cisos-need-look-past-boring-training-videos-motivational-security-stance-rsac-womenintech\/"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.3758\/BF03196423"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jpubeco.2010.04.001"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.2308\/isys-51341"},{"key":"e_1_2_1_6_1","volume-title":"Toward a theory of instruction","author":"Bruner J. S.","year":"1966","unstructured":"Bruner, J. S. (1966). Toward a theory of instruction. Harvard University Press."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.106"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.2307\/41703499"},{"key":"e_1_2_1_9_1","volume-title":"2021 cyber security threat trends","author":"CISCO.","year":"2021","unstructured":"CISCO. (2021). 2021 cyber security threat trends."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5465\/amj.2007.28165855"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.2307\/249688"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1146\/annurev-psych-042716-051139"},{"key":"e_1_2_1_13_1","volume-title":"Internet Crime Complaint Center releases 2022 statistics. Retrieved","author":"FBI.","year":"2022","unstructured":"FBI. (2022). Internet Crime Complaint Center releases 2022 statistics. Retrieved September 3, 2023, from https:\/\/www.fbi.gov\/contact-us\/field-offices\/springfield\/news\/internet-crime-complaint-center-releases-2022-statistics"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00054"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222280208"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.obhdp.2018.05.001"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2014.07.048"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2015.07.045"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1108\/JSM-01-2015-0045"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2063176.2063197"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1080\/10705519909540118"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1334499"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2022.2096551"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1086\/663827"},{"key":"e_1_2_1_25_1","volume-title":"10 companies that can help you fight phishing. CSO. Retrieved","author":"Korolov M.","year":"2016","unstructured":"Korolov, M. (2016). 10 companies that can help you fight phishing. CSO. Retrieved September 3, 2023, from https:\/\/www.csoonline.com\/article\/3066532\/ 10-companies-that-can-help-you-fight-phishing.html"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1754393.1754396"},{"key":"e_1_2_1_27_1","volume-title":"Mindfulness","author":"Langer E. J.","year":"1989","unstructured":"Langer, E. J. (1989). Mindfulness. Addison-Wesley."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1111\/0022-4537.00148"},{"key":"e_1_2_1_29_1","volume-title":"Microsoft launches a phishing attack simulator and other security tools. TechCrunch. Retrieved","author":"Lardinois F.","year":"2018","unstructured":"Lardinois, F. (2018). Microsoft launches a phishing attack simulator and other security tools. TechCrunch. Retrieved September 3, 2023, from https:\/\/techcrunch.com\/2018\/04\/16\/microsoft-launches-a-phishing-attack-simulator-and-other-security-tools\/"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/3177715.3177717"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1037\/apl0000019"},{"key":"e_1_2_1_32_1","first-page":"223","volume-title":"R. E. Snow & M","author":"Malone T. W.","year":"1987","unstructured":"Malone, T. W., & Lepper, M. R. (1987). Making learning fun: A taxonomy of intrinsic motivations for learning. In R. E. Snow & M. J. Farr (Eds.), Aptitude, learning, and instruction: III. Conative and affective process analyses (pp. 223--253). Erlbaum."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1037\/0022-3514.47.4.918"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1057\/s41303-017-0058-x"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbusres.2018.09.023"},{"key":"e_1_2_1_36_1","volume-title":"Play at work: How games inspire breakthrough thinking","author":"Penenberg A. L.","year":"2013","unstructured":"Penenberg, A. L. (2013). Play at work: How games inspire breakthrough thinking. Penguin."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2012\/36.1.02"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.2307\/25750704"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1070.0141"},{"key":"e_1_2_1_40_1","article-title":"Research: Why breathing is so effective at reducing stress","author":"Sepp\u00e4l\u00e4 E.","year":"2020","unstructured":"Sepp\u00e4l\u00e4, E., Bradley, C., & Goldstein, M. R. (2020). Research: Why breathing is so effective at reducing stress. Harvard Business Review. Retrieved September 3, 2023, from https:\/\/hbr.org\/2020\/09\/research-why-breathing-is-so-effective-at-reducing-stress","journal-title":"Harvard Business Review. Retrieved"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2019.1705512"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.2017.1297642"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00431"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.2307\/25148655"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2018\/11881"},{"key":"e_1_2_1_46_1","volume-title":"20th European Conference on Information Systems","author":"Thiebes S.","year":"2014","unstructured":"Thiebes, S., Lins, S., & Basten, D. (2014). Gamifying information systems -- A synthesis of gamification mechanics and dynamics. 20th European Conference on Information Systems, Tel Aviv, Israel."},{"key":"e_1_2_1_47_1","volume-title":"Making the smart bet on cybersecurity. Forbes. Retrieved","author":"Towers-Clark C.","year":"2019","unstructured":"Towers-Clark, C. (2019). Making the smart bet on cybersecurity. Forbes. Retrieved September 3, 2023, from https:\/\/www.forbes.com\/sites\/ charlestowersclark\/2019\/10\/25\/making-the-smart-bet-on-cybersecurity\/"},{"issue":"3","key":"e_1_2_1_48_1","first-page":"129","article-title":"Setting a definition, context, and theory-based research agenda for the gamification of non-gaming applications","volume":"10","author":"Treiblmaier H.","year":"2018","unstructured":"Treiblmaier, H., Putz, L.-M., & Lowry, P. B. (2018). Setting a definition, context, and theory-based research agenda for the gamification of non-gaming applications. Association for Information Systems Transactions on Human-Computer Interaction, 10(3), 129--163.","journal-title":"Association for Information Systems Transactions on Human-Computer Interaction"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2016.0680"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/1246663.1246672"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.5555\/2895238.2895248"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222270111"}],"container-title":["ACM SIGMIS Database: the DATABASE for Advances in Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715966.3715971","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3715966.3715971","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:49Z","timestamp":1750295929000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3715966.3715971"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,28]]},"references-count":52,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["10.1145\/3715966.3715971"],"URL":"https:\/\/doi.org\/10.1145\/3715966.3715971","relation":{},"ISSN":["0095-0033","1532-0936"],"issn-type":[{"value":"0095-0033","type":"print"},{"value":"1532-0936","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,28]]},"assertion":[{"value":"2025-01-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}