Going Spear Phishing: Exploring Embedded Training and Awareness

Author

Caputo, Deanna D. ; Pfleeger, Shari Lawrence ; Freeman, Joshua D. ; Johnson, M. Eric

Volume

12

Issue

1

fYear

2014

fDate

Jan.-Feb. 2014

Firstpage

28

Lastpage

38

Abstract

To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers´ reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing. The results from three trials showed that framing had no significant effect on the likelihood that a participant would click a subsequent spear phishing email and that many participants either clicked all links or none regardless of whether they received training. The study was unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks because employees failed to read the training materials.

Keywords

computer crime; personnel; training; unsolicited e-mail; awareness activities; behavioral science; carefully crafted spear phishing emails; embedded training; employees; message framing; spear phishing attacks; training condition; training materials; worker reaction; Behavioral science; Computer security; Electronic mail; Embedded system; Large-scale systems; Phishing; User centered design; behavioral science; embedded training; security awareness; spear phishing;

fLanguage

English

Journal_Title

Security & Privacy, IEEE

Publisher

ieee

ISSN

1540-7993

Type

jour

DOI

10.1109/MSP.2013.106

Filename

6585241