The Effects of Training on Phishing Detection

Presentation Type

Poster

Abstract

We aim to determine how training affects a person's ability to correctly identify email attacks, including viruses and phishing. A sample of university undergraduates was tested using a program developed in collaboration with the U.S. Air Force that simulates receiving and responding to emails in a work environment. Participants were asked to go through one of two training tutorials. The first tutorial clearly defined cyber-attacks and their warning signs along with the functions of the mail operating system, while the second simply highlighted the functions of the mail operating system. Following this training, each participant was exposed to an inbox that had a zero percent, five percent, or twenty percent infiltration of attack emails. Each participant was requested to report any email they suspected of being a phishing attack by using the built-in “Report” button in the database. Each participant was exposed to three hundred emails that contained a message asking him or her to download or upload a common work form regarding one’s Security Clearance, Hire, or Legal forms. Each participant had to decide whether the email they received was from a safe work email or a potential hacker. Some emails would ask the participant to download a file directly to their database. The files they were exposed to were either a safe .pdf file or a potentially unsafe .exe file. The study is still in data collection, but preliminary results will be available by the time of the conference. It is predicted that the participants exposed to the training that specifically identifies threats will be able to more accurately flag phishing attacks at all levels of infiltration. Demographic questions in the study will explore each individual's personal template for email and cyber attacks. This information will give us better insight into the training needs among young people entering the workforce.
