
Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer

Publication, Conference
Kumaraguru, P; Rhee, Y; Sheng, S; Hasan, S; Acquisti, A; Cranor, LF; Hong, J
Published in: ACM International Conference Proceeding Series
December 1, 2007

Educational materials designed to teach users not to fall for phishing attacks are widely available but are often ignored by users. In this paper, we extend an embedded training methodology using learning science principles in which phishing education is made part of a primary task for users. The goal is to motivate users to pay attention to the training materials. In embedded training, users are sent simulated phishing attacks and trained after they fall for the attacks. Prior studies tested users immediately after training and demonstrated that embedded training improved users' ability to identify phishing emails and websites. In the present study, we tested users to determine how well they retained knowledge gained through embedded training and how well they transferred this knowledge to identify other types of phishing emails. We also compared the effectiveness of the same training materials delivered via embedded training and delivered as regular email messages. In our experiments, we found that: (a) users learn more effectively when the training materials are presented after users fall for the attack (embedded) than when the same training materials are sent by email (non-embedded); (b) users retain and transfer more knowledge after embedded training than after non-embedded training; and (c) users with higher Cognitive Reflection Test (CRT) scores are more likely than users with lower CRT scores to click on the links in the phishing emails from companies with which they have no account.

Published In: ACM International Conference Proceeding Series

DOI: 10.1145/1299015.1299022

Publication Date: December 1, 2007

Volume: 269

Start / End Page: 70 / 81
 

Citation

APA: Kumaraguru, P., Rhee, Y., Sheng, S., Hasan, S., Acquisti, A., Cranor, L. F., & Hong, J. (2007). Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer. In ACM International Conference Proceeding Series (Vol. 269, pp. 70–81). https://doi.org/10.1145/1299015.1299022

Chicago: Kumaraguru, P., Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. F. Cranor, and J. Hong. “Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer.” In ACM International Conference Proceeding Series, 269:70–81, 2007. https://doi.org/10.1145/1299015.1299022.

ICMJE: Kumaraguru P, Rhee Y, Sheng S, Hasan S, Acquisti A, Cranor LF, et al. Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer. In: ACM International Conference Proceeding Series. 2007. p. 70–81.

MLA: Kumaraguru, P., et al. “Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer.” ACM International Conference Proceeding Series, vol. 269, 2007, pp. 70–81. Scopus, doi:10.1145/1299015.1299022.

NLM: Kumaraguru P, Rhee Y, Sheng S, Hasan S, Acquisti A, Cranor LF, Hong J. Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer. ACM International Conference Proceeding Series. 2007. p. 70–81.
