Don’t click: towards an effective anti-phishing training. A comparative literature review

  • Daniel Jampen, Gürkan Gür, Thomas Sutter, Bernhard Tellenbach
  • Human-centric Computing and Information Sciences
Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many organizations have begun to provide anti-phishing training programs to their employees. A central question in the development of such programs is how they can be designed sustainably and effectively to minimize the vulnerability of employees to phishing attacks. In this paper, we survey and…
Falling for Phishing: An Empirical Investigation into People's Email Response Behaviors
An empirical study to investigate how people make response decisions while reading their emails and identifies eleven factors that influence people’s response decisions to both phishing and legitimate emails.
Experimental Investigation of Technical and Human Factors Related to Phishing Susceptibility
Significant differences in phishing susceptibility were obtained for different email contexts and based on whether individuals have been successfully phished before, and a variety of behavioral and psychological factors measured via pre- and post-campaign surveys are examined.
Factors Affecting Awareness of Phishing Among Generation Y
The purpose of this study was to determine the factors affecting awareness of phishing among Generation Y in Malaysia. Specifically, this study identified three factors that may influence awareness…
Maladaptive behaviour in response to email phishing threats: The roles of rewards and response costs
Results show that rewards influence maladaptive behaviour rather than protective behaviour in response to email phishing threats, and that response costs influence both maladaptive and protective behaviours.
Applying social marketing to evaluate current security education training and awareness programs in organisations
It is argued that existing SETA programs are suboptimal as they aim to improve employee knowledge acquisition rather than behaviour and belief, and a novel development process for SETA based on a social marketing approach is proposed.
I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible
This work aims to make experts’ tools accessible to non-experts and assist general users in judging the safety of URLs by providing them with a usable report based on the information professionals use.
Hospitals’ Cybersecurity Culture during the COVID-19 Crisis
The cybersecurity culture readiness of hospitals’ workforce during the COVID-19 crisis is assessed to identify security awareness weaknesses and assist in drafting targeted assessment campaigns specifically tailored to the health domain needs.
Potential Threats of Social Engineering Practices to Social Work
The potential threats of social engineering practices, challenges related to counteracting them, methodologies used to uncover them, and future research directions in this domain are covered.
  • D. Aliu, M. O. Momoh
  • International Journal of Software Engineering and Computer Systems
  • 2021
Researchers have yet to entirely map out the difficulty in allocating optimal resources to mobile Worldwide Interoperability for Microwave Access (WiMAX) subscribers. This research presents an…
A Review of Factors Affecting the Effectiveness of Phishing
Phishing has become the most convenient technique that hackers use nowadays to gain access to protected systems. This is because cybersecurity has evolved and low-cost systems with the least security…


Phishing counter measures and their effectiveness - literature review
  • S. Purkait
  • Computer Science
  • Inf. Manag. Comput. Secur.
  • 2012
The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories and the different approaches proposed so far are all preventive in nature.
Confront Phishing Attacks — from a Perspective of Security Education
  • T. Takata, Kanayo Ogura
  • Computer Science
  • 2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST)
  • 2019
Relationship between human psychological characteristics and vulnerability against social engineering can be used for testing whether a user has vulnerability on some social engineering technique, and the testing result can be utilized for countermeasure or user’s training.
Teaching Johnny not to fall for phish
The results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.
Social Engineering and Organisational Dependencies in Phishing Attacks
This work presents the results of a 56,000-participant phishing attack simulation carried out within a multi-national financial organisation, showing that Social proof was the most effective attack vector, followed by Authority and Scarcity.
Security Awareness Training : A Review
Phishing is a type of social engineering cybercrime in which phishers try to steal users’ information. Human unawareness and inattention factors are usually exploited by phishers to…
Baiting the hook: factors impacting susceptibility to phishing attacks
Gender and the years of PC usage have a statistically significant impact on the detection rate of phishing; pop-up based attacks have a higher rate of success than the other tested strategies; and, the psychological anchoring effect can be observed in phishing as well.
School of phish: a real-world evaluation of anti-phishing training
Results of this study show that users trained with PhishGuru retain knowledge even after 28 days; adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and training does not decrease users' willingness to click on links in legitimate messages.
User Context : An Explanatory Variable in Phishing Susceptibility
Extensive research has been performed to examine the effectiveness of phishing defenses, but much of this research was performed in laboratory settings. In contrast, this work presents 4.5 years of…
Measuring the Effectiveness of Embedded Phishing Exercises
A systematic analysis of data from a large real world embedded phishing exercise that involved 19,180 participants from a single organization, and utilized 115,080 test phishing emails is conducted.
An Anti-phishing Training System for Security Awareness and Education Considering Prevention of Information Leakage
This paper proposes an anti-phishing training system which does not save sensitive data such as an e-mail address and a name of trainees to public servers, and it is implementable at a low cost.