Cognitive elements of learning and discriminability in anti-phishing training. Issue 127 (April 2023)
- Record Type:
- Journal Article
- Title:
- Cognitive elements of learning and discriminability in anti-phishing training. Issue 127 (April 2023)
- Main Title:
- Cognitive elements of learning and discriminability in anti-phishing training
- Authors:
- Singh, Kuldeep
Aggarwal, Palvi
Rajivan, Prashanth
Gonzalez, Cleotilde
- Abstract:
- Highlights: We conducted laboratory experiments on phishing training according to cognitive processes such as frequency and type of feedback. Increased frequency of phishing emails during training develops participant's sensitivity to phishing emails that impacts their response bias. Using detailed feedback instead of only outcome feedback helps participants discriminate between phishing and ham email more effectively.
Abstract: People adjust decisions based on their experiences; and it is important to know how to shape these experiences effectively to improve their future decisions. We conducted laboratory experiments to study an effective way to shape end-users' experiences to improve their detection of phishing emails. Despite technical and training-based solutions to phishing detection, malicious emails continue to reach people broadly. The end-user's susceptibility towards phishing emails could be due to lack of experience in phishing, lack of motivation or inappropriate knowledge of phishing cues. In this paper, we study the effects of two experimental variables during a training phase: The frequency of phishing emails (low frequency-25%, medium frequency-50%, and high frequency-75%), and the type of feedback provided on the decisions made (outcome or detail feedback). The individual's base susceptibility to phishing emails was measured in a pre-training phase in which 20% of the emails were phishing and compared to a similar post-training phase. The results show that the type of feedback provided during training affected participants' sensitivity to detecting subsequent phishing emails. In addition, the frequency of phishing emails during training impacted their likelihood of classifying subsequent emails as phishing or legitimate. The results of these experiments show that anti-phishing training must be carefully designed taking into consideration the impact that these design choices have on human learning and decision making.
- Is Part Of:
- Computers & security. Issue 127(2023)
- Journal:
- Computers & security
- Issue:
- Issue 127(2023)
- Issue Display:
- Volume 127, Issue 127 (2023)
- Year:
- 2023
- Volume:
- 127
- Issue:
- 127
- Issue Sort Value:
- 2023-0127-0127-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-04
- Subjects:
- Phishing -- Security awareness -- Anti-phishing training -- Cyber security -- Decisions from experience
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2023.103105
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 26009.xml