Using an Interactive Online Quiz to Recalibrate College Students’ Attitudes and Behavioral Intentions About Phishing

  title={Using an Interactive Online Quiz to Recalibrate College Students’ Attitudes and Behavioral Intentions About Phishing},
  author={Evan K. Perrault},
  journal={Journal of Educational Computing Research},
  pages={1154 - 1167}
  • Evan K. Perrault
  • Published 1 January 2018
  • Computer Science
  • Journal of Educational Computing Research
Despite improved spam filtering technology, phishing continues to be a prevalent threat for college students. The current study found that approximately 4-in-10 of the students surveyed (N = 462) indicate they do not know what phishing is and the threat it poses. Students also report initially overestimating their confidence to successfully recognize phishing attempts, and underestimating their susceptibility to being the victim of an attack. By completing an interactive online phishing quiz… 

Figures and Tables from this paper

Training Users to Identify Phishing Emails

Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks, and the current study examined how to identify these attacks.

Risk Assessments of Social Engineering Attacks and Set Controls in an Online Education Environment

The cybersecurity attacks for the educational field is not too highlighted in today's time. There is an incoming threat in the educational field that if not look into can result into a dangerous

SoK: Still Plenty of Phish in the Sea - A Taxonomy of User-Oriented Phishing Interventions and Avenues for Future Research

A taxonomy of phishing interventions based on a systematic literature analysis is presented, shedding light on the diversity of existing approaches by analyzing them with respect to the intervention type, the addressed phishing attack vector, the time at which the intervention takes place, and the required user interaction.

SoK: Human-Centered Phishing Susceptibility

A three-stage Phishing Susceptibility Model (PSM) is proposed for explaining how humans are involved in phishing detection and prevention, and systematically investigate the phishing susceptibility variables studied in the literature and taxonomize them using this model.

Factors Affecting Employee Intentions to Comply With Password Policies

Examination of the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies suggested that a reduction in security breaches may promote more public confidence in organizational information systems.

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

This work reexamines the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which includes real-time detection, active attacker, dataset quality and base-rate fallacy, and surveys the existing phishing/spear phishing solutions in their light.

Research on the Ways of Financial Literacy Education under the Background of Student Network Loan

Internet loans are the product of the “Internet + Finance” concept. Finance is an important core of economic and social development today, and its impact on each group cannot be underestimated. One



Teaching Johnny not to fall for phish

The results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.

School of phish: a real-world evaluation of anti-phishing training

Results of this study show that users trained with PhishGuru retain knowledge even after 28 days; adding a second training message to reinforce the original training decreases the likelihood of people giving information to phishing websites; and training does not decrease users' willingness to click on links in legitimate messages.

Why phishing still works: User strategies for combating phishing attacks

Getting users to pay attention to anti-phishing education: evaluation of retention and transfer

An embedded training methodology using learning science principles in which phishing education is made part of a primary task for users is extended to motivate users to pay attention to the training materials.


The extraordinary losses as a result of new and recent phishing attacks is disconcerting and troubling in the business community. Because business students will become the future targets of business

Phishing IQ Tests Measure Fear, Not Ability

It is argued that phishing IQ tests fail to measure susceptibility to phishing attacks, and the only measurable effect of the phishing education was an increased concern--not an increased ability.


Signs are that losses from phishing and other forms of identity theft continue to climb, and while accurate and up-to-date figures for financial loss are hard to come by, many sites are now addressing the problem with phishing quizzes, intended to teach the everyday user to distinguish phish from phowl.

Analysis of an Anti-Phishing Lab Activity.

This paper analyzes one activity based on an online phishing IQ test using in-class activities in an introductory computer course as one way of familiarizing students with phishing and teaching them how to recognize a phishing email in order to avoid becoming victims.


T 18HIS INVESTIGATION focuses on the concept of communicatory utility, defined as the anticipated usefulness of information for future informal interaction with family, friends, co-workers and