Teaching Phishing-Security: Which Way is Best?

AuthorStockhardt, Simon; Reinheimer, Benjamin; Volkamer, Melanie; Mayer, Peter; Kunz, Alexandra; Rack, Philipp; Lehmann, Daniel
TypeConference Proceedings
AbstractEver more processes of our daily lives are shifting into the digital realm. Consequently, users face a variety of IT-security threats with possibly severe ramifications. It has been shown that technical measures alone are insufficient to counter all threats. For instance, it takes technical measures on average 32 hours before identifying and blocking phishing websites. Therefore, teaching users how to identify malicious websites is of utmost importance, if they are to be protected at all times. A number of ways to deliver the necessary knowledge to users exist. Among the most broadly used are instructor-based, computer-based and text-based training. We compare all three formats in the security context, or to be more precise in the context of anti-phishing training.
In31st International Conference on ICT Systems Security and Privacy Protection (IFIP SEC), p.135-149