Peer-Reviewed Article

Training Users to Identify Phishing Emails

2021; SAGE Publishing; Volume: 59; Issue: 6; Language: English

10.1177/0735633121992516

ISSN

1541-4140

Authors

Bradley W. Weaver, Adam M. Braly, David M. Lane

Topic(s)

Advanced Malware Detection Techniques

Abstract

Phishing emails pose a serious threat to individuals and organizations. Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks. The current study examined the effectiveness of a short online phishing training program designed to help users identify phishing emails. Half of the participants were in the training group and the other half worked on a control filler task. The training group’s sensitivity (d′) at correctly classifying emails as legitimate or phishing increased by 1.14 whereas the control group’s sensitivity increased by only 0.48. This difference in d′ changes was significant, t(38) = 2.05, p = .048. This improvement in performance was likely due to users learning how to check reliable cues and interpret them. Despite a sizeable improvement in detecting phishing emails, the training group correctly classified only about two-thirds of phishing emails. Accordingly, a short training program appears beneficial, but a more comprehensive training program would be needed to reduce vulnerability to an acceptable level.
