Impact of security awareness training on phishing click-through rates

  title={Impact of security awareness training on phishing click-through rates},
  author={Anthony Carella and Murat Kotsoev and Traian Marius Truta},
  journal={2017 IEEE International Conference on Big Data (Big Data)},
In this paper we study the impact that security awareness training has on the people who click on malicious links contained in phishing emails. Phishing is a criminal activity in which social engineering techniques and technology are used to obtain personal information without one's consent. Currently, anti-phishing techniques have little academic backing, usually only statistics and testimonials from security organizations. This paper aims to provide an educational standard by which the… 

Figures and Tables from this paper

Don’t click: towards an effective anti-phishing training. A comparative literature review

This paper surveys and categorizes works that consider different elements of anti-phishing training programs via a clearly laid-out methodology, and identifies key findings in the technical literature.

Simulated Phishing Attack and Embedded Training Campaign

An in-depth case study on a large phishing awareness campaign is conducted and it is revealed that phishing Awareness is a learning process through which individuals’ behavior can be strengthened by reinforcement and punishment.

Avoiding the Hook: Influential Factors of Phishing Awareness Training on Click-Rates and a Data-Driven Approach to Predict Email Difficulty Perception

The results clearly show that anti-phishing training should focus on the training of individual users rather than on large user groups, and presents a promising generic machine learning model for predicting phishing susceptibility.

Improving cybersecurity awareness using phishing attack simulation

It can be indicated that an appropriate cybersecurity knowledge transfer can reduce a large number of potential victims and cyber threats that may occur in such organizations.

SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research

A taxonomy of phishing interventions based on a systematic literature analysis is presented, shedding light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction.

Measuring the Information Security Awareness Level of Government Employees Through Phishing Assessment

  • M. IkhsanK. Ramli
  • Computer Science
    2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC)
  • 2019
This study aims to measure the level of information security awareness of government employees through case studies at the Directorate General of ABC (DG ABC) in Indonesia through phishing simulation and knowledge approach through a questionnaire on a Likert scale.

Taxonomy of Cybersecurity Awareness Delivery Methods: A Countermeasure for Phishing Threats

A new taxonomy of the most common cybersecurity training delivery methods and compare them along various factors is developed and offers a clearer understanding of the main challenges, the existing solution space, and the potential scope of future research to be addressed.

Cybersecurity Awareness Enhancement: A Study of the Effects of Age and Gender of Thai Employees Associated with Phishing Attacks

It was found that gender played a significant role in cybersecurity awareness within the Thai cybersecurity ecosystem since Thai female employees were found to have a higher level of cybersecurity awareness than male employees.

Feature Selection for Phishing Website Classification

The observational results have shown that the optimized Random Forest (RFPT) classifier with feature selection by the FSFM achieves the highest performance among all the techniques.

Phishing in Organizations: Findings from a Large-Scale and Long-Term Study

It is demonstrated that using the employees as a collective phishing detection mechanism is practical in large organizations and allows fast detection of new phishing campaigns, the operational load for the organization is acceptable, and the employees remain active over long periods of time.



Phishing & Anti-Phishing Techniques: Case Study

This paper gives brief information about phishing, its attacks, steps that users can take to safeguard their confidential information, and a survey conducted by netcraft on phishing.

Behavioral response to phishing risk

A pilot survey of 232 computer users is reported to reveal predictors of falling for phishing emails, as well as trusting legitimate emails, to suggest that educational efforts should aim to increase users' intuitive understanding, rather than merely warning them about risks.

A Comprehensive Study of Phishing Attacks

This paper has studied phishing and its types in detail and reviewed some of thephishing and anti phishing techniques and found that phishing has not been eradicated completely yet.

Got Phished? Internet Security and Human Vulnerability

It is demonstrated through the experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception.

Gone phishing

Phishing is the act of convincing users to provide personal identification information such as credit card numbers, social security numbers, and bank account information for explicit illegal use.

Decision strategies and susceptibility to phishing

Preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails suggests that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks.

There Is No Free Phish: An Analysis of "Free" and Live Phishing Kits

It is concluded that phishing kits target two classes of victims: the gullible users from whom they extort valuable information and the unexperienced phishers who deploy them.

Taking the Bait: A Systems Analysis of Phishing Attacks

Why phishing works

This paper provides the first empirical evidence about which malicious strategies are successful at deceiving general users by analyzing a large set of captured phishing attacks and developing a set of hypotheses about why these strategies might work.

Individual processing of phishing emails: How attention and elaboration protect against phishing

This paper explores user susceptibility to phishing by unpacking the mechanisms that may influence individual victimization by focusing on the characteristics of the e-mail message, users’ knowledge and experience with phishing, and the manner in which these interact and influence how users cognitively process phishing e-mails.