Don’t click: towards an effective anti-phishing training. A comparative literature review

Jampen, Daniel; Gür, Gürkan; Sutter, Thomas Schmid; Tellenbach, Bernhard

doi:10.1186/s13673-020-00237-7

Cited by 66 publications

(43 citation statements)

References 109 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This finding indicated that H2 was supported. It is also in line with previous research (e.g., Bose & Leung, 2008;Arachchilage & Love, 2014;Baral & Arachchilage, 2019;Verkijika, 2019;and Jampen et al, 2020).…”

Section: Discussionsupporting

confidence: 93%

Factors Affecting Awareness of Phishing Among Generation Y

Zaharon¹,

Ali²,

Hasnan³

2021

APMAJ

View full text Add to dashboard Cite

The purpose of this study was to determine the factors affecting awareness of phishing among Generation Y in Malaysia. Specifically, this study identified three factors that may influence awareness of phishing by applying the Theory of Technology Threat Avoidance. The factors are social engineering, anti-phishing knowledge, and security concern. Data was collected through a questionnaire survey. This study found that all the factors significantly influenced awareness of phishing among Generation Y in Malaysia. The findings of this study provide a further understanding of the factors that affect awareness of phishing. This study would benefit the public, especially Generation Y, the government, and all types of businesses, including financial institutions, by raising awareness of phishing and reducing phishing attacks. Keywords: phishing, Generation Y, social engineering, anti-phishing knowledge, security concern

show abstract

Section: Discussionsupporting

confidence: 93%

Factors Affecting Awareness of Phishing Among Generation Y

Zaharon¹,

Ali²,

Hasnan³

2021

APMAJ

View full text Add to dashboard Cite

show abstract

“…Besides, the great success of phishing emails in deceiving can be attributed to the fact that phishers become smarter [58]. Therefore, even the tech-savvy people can be deceived, while regular training can certainly shield an organization, as previous works suggest [59,60].…”

Section: Key Findingsmentioning

confidence: 99%

Hospitals’ Cybersecurity Culture during the COVID-19 Crisis

et al. 2021

View full text Add to dashboard Cite

The coronavirus pandemic led to an unprecedented crisis affecting all aspects of the concurrent reality. Its consequences vary from political and societal to technical and economic. These side effects provided fertile ground for a noticeable cyber-crime increase targeting critical infrastructures and, more specifically, the health sector; the domain suffering the most during the pandemic. This paper aims to assess the cybersecurity culture readiness of hospitals’ workforce during the COVID-19 crisis. Towards that end, a cybersecurity awareness webinar was held in December 2020 targeting Greek Healthcare Institutions. Concepts of cybersecurity policies, standards, best practices, and solutions were addressed. Its effectiveness was evaluated via a two-step procedure. Firstly, an anonymous questionnaire was distributed at the end of the webinar and voluntarily answered by attendees to assess the comprehension level of the presented cybersecurity aspects. Secondly, a post-evaluation phishing campaign was conducted approximately four months after the webinar, addressing non-medical employees. The main goal was to identify security awareness weaknesses and assist in drafting targeted assessment campaigns specifically tailored to the health domain needs. This paper analyses in detail the results of the aforementioned approaches while also outlining the lessons learned along with the future scientific routes deriving from this research.

show abstract

“…Upfront training explains concepts in a dedicated training session. Its effectiveness depends on the user's ability to recall and apply these learned lessons in later situations, which can be challenging since people tend to forget unused information [18,64], necessitating periodical training [34]. Even if they can remember, attackers also continuously adjust their tactics over time, invalidating some of the learned information [5,22].…”

Section: User Trainingmentioning

confidence: 99%

I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible

Althobaiti

Meng

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Judging the safety of a URL is something that even security experts struggle to do accurately without additional information. In this work, we aim to make experts' tools accessible to non-experts and assist general users in judging the safety of URLs by providing them with a usable report based on the information professionals use. We designed the report by iterating with 8 focus groups made up of end users, HCI experts, and security experts to ensure that the report was usable as well as accurately interpreted the information. We also conducted an online evaluation with 153 participants to compare different report-length options. We find that the longer comprehensive report allows users to accurately judge URL safety (93% accurate) and that summaries still provide benefit (83% accurate) compared to domain highlighting (65% accurate).

show abstract

Don’t click: towards an effective anti-phishing training. A comparative literature review

Cited by 66 publications

References 109 publications

Factors Affecting Awareness of Phishing Among Generation Y

Factors Affecting Awareness of Phishing Among Generation Y

Hospitals’ Cybersecurity Culture during the COVID-19 Crisis

I Don’t Need an Expert! Making URL Phishing Features Human Comprehensible

Contact Info

Product

Resources

About