School of phish: A real-world evaluation of anti-phishing training

SOUPS 2009 - Proceedings of the 5th Symposium On Usable Privacy and Security

Volumn , Issue , 2009, Pages

  Kumaraguru, Ponnurangam ^a   Cranshaw, Justin ^a   Acquisti, Alessandro ^a   Cranor, Lorrie ^a   Hong, Jason ^a   Blair, Mary Ann ^a   Pham, Theodore ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Email; Embedded training; Phishing; Real world studies; Usable privacy and security

Indexed keywords

EMAIL; EMBEDDED TRAINING; PHISHING; REAL-WORLD STUDIES; USABLE PRIVACY AND SECURITY;

ELECTRONIC MAIL;

SURVEYS;

EID: 70350714542     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1572532.1572536     Document Type: Conference Paper

References (21)

1. J. R. Anderson and H. A. Simon. Situated learning and education. Educational Researcher, 25:5-11, 1996.
2. D. B. Buller and J. K. Burgoon. Interpersonal deception theory. Communication Theory, 6(3):203-242, 1996.
3. J. R. Carlson, J. F. George, J. K. Burgoon, M. Adkins, and C. H. White. Deception in computer-mediated communication. Group Decision and Negotiation, 13(1):5-28, 2004.
4. R. Dhamija, J. D. Tygar, and M. Hearst. Why Phishing Works. Proceedings of the Conference on Human Factors in Computing Systems (CHI), 2006.
5. E. Ellis, L. Worthington, and M. Larkin. Research synthesis on effective teaching principles and the design of quality tools for educators. Technical report, National center to improve the tools of educators, 1994.
6. A. J. Ferguson. Fostering E-Mail Security Awareness: The West Point Carronade. EDUCASE Quarterly, (1), 2005.
7. T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10):94-100, October 2007.
8. P. Johnson, S. Grazioli, K. Jamal, and G. Berryman. Detecting deception: adversarial problem solving in a low base-rate world. Cognitive Science: A Multidisciplinary Journal, 25(3):355-392, 2001.
9. P. Kumaraguru, Y. Rhee, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge. Protecting people from phishing: the design and evaluation of an embedded training email system. In CHI '07: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 905-914, 2007.
10. P. Kumaraguru, Y. Rhee, S. Sheng, S. Hasan, A. Acquisti, L. F. Cranor, and J. Hong. Getting users to pay attention to anti-phishing education: Evaluation of retention and transfer. e-Crime Researchers Summit, Anti-Phishing Working Group, 2007.
11. P. Kumaraguru, S. Sheng, A. Acquisti, L. Cranor, and J. Hong. Under review.
12. P. Kumaraguru, S. Sheng, A. Acquisti, L. F. Cranor, and J. Hong. Lessons from a real world evaluation of anti-phishing training. e-Crime Researchers Summit, Anti-Phishing Working Group, October 2008.
13. R. Lininger and R. D. Vines. Phishing: Cutting the Identity Theft Line. Indianapolis, Indiana, USA, 2005.
14. R. C. Miller and M. Wu. Fighting Phishing at the User Interface. O'Reilly, August 2005. In Lorrie Cranor and Simson Garfinkel (Eds.) Security and Usability: Designing Secure Systems that People Can Use.
15. T. Moore and R. Anderson. How brain type influences online safety. Working paper, July 2008.
16. R. A. Morin and A. Fernandez Suarez. Risk aversion revisited. Journal of Finance, 38(4):1201-16, September 1983.
17. New York State Office of Cyber Security & Critical Infrastructure Coordination. Gone phishing. . . a briefing on the anti-phishing exercise initiative for new york state government. Aggregate Exercise Results for public release., 2005.
18. R. A. Schmidt and R. A. Bjork. New conceptualizations of practice: Common principles in three paradigms suggest new concepts for training. Psychological Science, 3(4):207-217, July 1992.
19. S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. F. Cranor, J. Hong, and E. Nunge. Anti-phishing phil: The design and evaluation of a game that teaches people not to fall for phish. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security, pages 88-99, 2007.
20. E. Spagat. Justice department hoaxes employees. News article, January 2009. http://news.yahoo.com/s/ap/20090129/ ap-on-go-ca-st-pe/justice-hoax.
21. G. Stefano. Where did they go wrong? an analysis of the failure of knowledgeable internet consumers to detect deception over the internet. Group Decision and Negotiation, 13:149-172, March 2004.