PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term retention and the effect of two training messages. We also investigate demographic factors that influence training and general phishing susceptibility. Results of this study show that (1) users trained with PhishGuru retain knowledge even after 28 days; (2) adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and (3) training does not decrease users' willingness to click on links in legitimate messages. We found no significant difference between males and females in the tendency to fall for phishing emails both before and after the training. We found that participants in the 18-25 age group were consistently more vulnerable to phishing attacks on all days of the study than older participants. Finally, our exit survey results indicate that most participants enjoyed receiving training during their normal use of email.