Title :
Going Spear Phishing: Exploring Embedded Training and Awareness
Author :
Caputo, Deanna D. ; Pfleeger, Shari Lawrence ; Freeman, Joshua D. ; Johnson, M. Eric
Abstract :
To explore the effectiveness of embedded training, researchers conducted a large-scale experiment that tracked workers´ reactions to a series of carefully crafted spear phishing emails and a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing. The results from three trials showed that framing had no significant effect on the likelihood that a participant would click a subsequent spear phishing email and that many participants either clicked all links or none regardless of whether they received training. The study was unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks because employees failed to read the training materials.
Keywords :
computer crime; personnel; training; unsolicited e-mail; awareness activities; behavioral science; carefully crafted spear phishing emails; embedded training; employees; message framing; spear phishing attacks; training condition; training materials; worker reaction; Behavioral science; Computer security; Electronic mail; Embedded system; Large-scale systems; Phishing; User centered design; behavioral science; embedded training; security awareness; spear phishing;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2013.106
