Informing, simulating experience, or both: A field experiment on phishing risks

Cited by: 25
Authors
Baillon, Aurélien [1]
de Bruin, Jeroen [1]
Emirmahmutoglu, Aysil [1]
van de Veer, Evelien [2]
van Dijk, Bram [2]
Affiliations
[1] Erasmus Univ, Erasmus Sch Econ, Rotterdam, Netherlands
[2] Minist Econ Affairs & Climate Policy, The Hague, Netherlands
Keywords
USERS;
DOI
10.1371/journal.pone.0224216
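Chinese Library Classification number
O [Mathematical sciences and chemistry]; P [Astronomy and earth sciences]; Q [Biological sciences]; N [General natural sciences];
Discipline classification code
07; 0710; 09;
Abstract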
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.
Pages: 15