Abstract
Phishing attacks cost organizations thousands of dollars every year, and the problem is worsening with the rise of AI-generated emails that are harder for employees to detect. Traditional awareness programs often fail to create long-lasting behavioral change, calling for more engaging and more sustained training approaches. This study examines how virtual reality (VR)-based training enhances employees’ ability to recognize and resist phishing attempts. Using Experiential Learning Theory (ELT), we investigate how and why interactive, experience-driven learning improves knowledge retention and reduces phishing susceptibility over time. Participants will be divided into three groups: one receiving rule-based training, another receiving context-based training, and a third experiencing immersive VR-simulated training. After one month, all groups will be exposed to simulated phishing emails with doppelgänger domain links. Comparing results across groups will reveal which training method most effectively improves long-term retention and defense against phishing. The study contributes practical guidance for cybersecurity training and theoretical insight through an ELT-based stage model of learning retention.
Recommended Citation
Mim, Marshia and Souza, Cris, "The Role of Virtual Reality-Based Phishing Training in Mitigating Information Security Risks" (2025). WISP 2025 Proceedings. 27.
https://aisel.aisnet.org/wisp2025/27