学会不上钩:数字训练方法与过度学习对网络钓鱼易感性的纵向研究

Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility

European Journal of Information Systems · 2021
被引 39
ABS 4

中文导读

通过纵向实验比较规则型与正念型数字训练,发现正念训练能更持久地降低网络钓鱼易感性,而过度学习虽有效但不如正念训练。

Abstract

As phishing becomes increasingly sophisticated and costly, interventions that improve and prolong resistance to attacks are needed. Previous research supported digital training as a method to reduce phishing susceptibility. However, the effects of training degrade with time. Therefore, we investigate overlearning as an approach that may increase skill retention through repetition and developing automaticity. We performed a longitudinal experiment crossing overlearning with anti-phishing digital training (rule-based, mindfulness, and control). Participants were tested using email identification tests (immediately following and 10 weeks after training) and mock phishing messages delivered to their inboxes (1 week and 8 weeks following training). Results showed that compared to rule-based training, mindfulness training resulted in significantly greater retention in terms of better email discrimination and less susceptibility to phishing attacks but similar levels of caution towards phishing after 2 months. Overlearning resulted in significantly less susceptibility to phishing attacks and more caution towards phishing compared to no overlearning but did not impact the digital training approaches. Even so, mindfulness was more beneficial compared to overlearning. Altogether, the results demonstrate the stability of the benefits of mindfulness training over time in terms of mitigating phishing susceptibility without influencing the chances of missing legitimate emails.

网络安全认知心理学行为干预网络钓鱼防御