Don’t click: towards an effective anti-phishing training. A comparative literature review
License
CC BY 4.0: Attribution 4.0 International
Department
School of Engineering
Publication type
Article in scientific journal
Review
Peer review (publication)
Parent work
Human-centric Computing and Information Sciences
Volume – Issue – Pages – Article number
10(33)
Publisher
Springer
Abstract
Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many organizations have begun to provide anti-phishing training programs to their employees. A central question in the development of such programs is how they can be designed sustainably and effectively to minimize the vulnerability of employees to phishing attacks. In this paper, we survey and categorize works that consider different elements of such programs via a clearly laid-out methodology, and identify key findings in the technical literature. Overall, we find that researchers agree on the answers to many relevant questions regarding the utility and effectiveness of anti-phishing training. However, we identified influencing factors, such as the impact of age on the success of anti-phishing training programs, for which mixed findings are available. Finally, based on our comprehensive analysis, we describe how a well-founded anti-phishing training program should be designed and parameterized with a set of proposed research directions.