What is it about?
We developed an adversarial phishing e-mail detection training and found that this approach is a promising alternative to the conventional cybersecurity training paradigm. A pilot experiment showed that participants who received adversarial training were especially good at detecting targeted phishing attacks compared to those without any additional training. The main experiment showed that adversarial training participants were nearly three times less likely to fall for simulated phishing e-mails sent two weeks after training completion than those who received conventional training. Thus, the adversarial training paradigm may be a highly promising approach to improving online scam detection.
Why is it important?
Conventional phishing detection training relies on increasing people's awareness of certain suspicious cues in online content that they need to look out for. However, recent studies find that people often do not apply such advice and continue to fall for phishing e-mail scams. We therefore tested a different training paradigm that engages people's thinking with that of an adversary, and found highly promising results: it reduced phishing victimisation compared with people who received no additional training or conventional training.
Perspectives
We found the results very exciting, because they encourage further studies with a different training paradigm that may provide a better alternative to the mandatory conventional cyber awareness training that many people try to click through quickly when they join new organisations.
Sarah Zheng
University College London
Read the Original
This page is a summary of: Phishing to improve detection, October 2023, ACM (Association for Computing Machinery), DOI: 10.1145/3617072.3617121.