Paper ID

2216

Paper Type

short

Description

Phishing e-mails are a costly problem for organizations that automated phishing detection systems have been unable to stop. Accordingly, most organizations train their members to detect and safely respond to phishing e-mails. Most phishing training takes a rules-based or behavioral approach. Rules-based approaches provide simple heuristics for employees to follow, but have been criticized for their lack of flexibility. Behavioral approaches, including mindfulness-based training, improve attentiveness, but have been criticized for being misapplied. In a multi-study research program, we evaluate phishing training methods to determine which is the most successful for improving phishing detection. We also uncover the mechanisms through which these training programs improve phishing detection and offer a new integrated phishing training method. Our empirical results indicate that an integrated training program that combines mindfulness concepts and targets specific linguistic identifiers of phishing provides the greatest improvements to phishing detection rates.


Learning to See the Hook: Comparing Phishing Training Approaches
