Using an Interactive Online Quiz to Recalibrate College Students’ Attitudes and Behavioral Intentions About Phishing

  title={Using an Interactive Online Quiz to Recalibrate College Students’ Attitudes and Behavioral Intentions About Phishing},
  author={Evan K. Perrault},
  journal={Journal of Educational Computing Research},
  pages={1154 - 1167}
  • Evan K. Perrault
  • Published 1 January 2018
  • Psychology
  • Journal of Educational Computing Research
Despite improved spam filtering technology, phishing continues to be a prevalent threat for college students. The current study found that approximately 4-in-10 of the students surveyed (N = 462) indicate they do not know what phishing is and the threat it poses. Students also report initially overestimating their confidence to successfully recognize phishing attempts, and underestimating their susceptibility to being the victim of an attack. By completing an interactive online phishing quiz… 

Figures and Tables from this paper

Training Users to Identify Phishing Emails
Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks, and the current study examined how to identify these attacks.
An examination of susceptibility to spear phishing cyber attacks in non-English speaking communities
This research investigated the drivers that affect susceptibility to spear phishing in the Middle Eastern culture and proposed and tested a theoretical model that explains users' behavior toward phishing material in the context of Non-English-speaking countries.
Risk Assessments of Social Engineering Attacks and Set Controls in an Online Education Environment
The cybersecurity attacks for the educational field is not too highlighted in today's time. There is an incoming threat in the educational field that if not look into can result into a dangerous
SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research
A taxonomy of phishing interventions based on a systematic literature analysis is presented, shedding light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction.
Factors Affecting Employee Intentions to Comply With Password Policies
Factors Affecting Employee Intentions to Comply With Password Policies by Ernest T. Anye MIT, Walden University, 2017 MS, Northwestern State University, 2010 BS, Grambling State University, 2003
SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective
This work reexamines the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which includes real-time detection, active attacker, dataset quality and base-rate fallacy, and surveys the existing phishing/spear phishing solutions in their light.
Research on the Ways of Financial Literacy Education under the Background of Student Network Loan
Internet loans are the product of the “Internet + Finance” concept. Finance is an important core of economic and social development today, and its impact on each group cannot be underestimated. One


Teaching Johnny not to fall for phish
The results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.
School of phish: a real-world evaluation of anti-phishing training
Results of this study show that users trained with PhishGuru retain knowledge even after 28 days; adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and training does not decrease users' willingness to click on links in legitimate messages.
Why phishing still works: User strategies for combating phishing attacks
It is found that gaze time on browser chrome elements does correlate to increased ability to detect phishing and users' general technical proficiency does not correlate with improved detection scores.
Getting users to pay attention to anti-phishing education: evaluation of retention and transfer
An embedded training methodology using learning science principles in which phishing education is made part of a primary task for users is extended to motivate users to pay attention to the training materials.
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model
The results indicate that most phishing emails are peripherally processed and individuals make decisions based on simple cues embedded in the email, and computer self-efficacy was found to significantly influence elaboration, but its influence was diminished by domain specific-knowledge.
The extraordinary losses as a result of new and recent phishing attacks is disconcerting and troubling in the business community. Because business students will become the future targets of business
Phishing IQ Tests Measure Fear, Not Ability
It is argued that phishing IQ tests fail to measure susceptibility to phishing attacks, and the only measurable effect of the phishing education was an increased concern--not an increased ability.
Mostly, security professionals can spot a phish a mile off. If they do err, it’s usually on the side of caution, for instance when real organizations fail to observe best practice and generate
Analysis of an Anti-Phishing Lab Activity.
Despite advances in spam detection software, anti-spam laws, and increasingly sophisticated users, the number of successful phishing scams continues to grow. In addition to monetary losses
T 18HIS INVESTIGATION focuses on the concept of communicatory utility, defined as the anticipated usefulness of information for future informal interaction with family, friends, co-workers and