Litcius/Paper detail

Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility

Christopher Nguyen, Matthew L. Jensen, Eric Anthony Day

2021European Journal of Information Systems39 citationsDOI

Abstract

As phishing becomes increasingly sophisticated and costly, interventions that improve and prolong resistance to attacks are needed. Previous research supported digital training as a method to reduce phishing susceptibility. However, the effects of training degrade with time. Therefore, we investigate overlearning as an approach that may increase skill retention through repetition and developing automaticity. We performed a longitudinal experiment crossing overlearning with anti-phishing digital training (rule-based, mindfulness, and control). Participants were tested using email identification tests (immediately following and 10 weeks after training) and mock phishing messages delivered to their inboxes (1 week and 8 weeks following training). Results showed that compared to rule-based training, mindfulness training resulted in significantly greater retention in terms of better email discrimination and less susceptibility to phishing attacks but similar levels of caution towards phishing after 2 months. Overlearning resulted in significantly less susceptibility to phishing attacks and more caution towards phishing compared to no overlearning but did not impact the digital training approaches. Even so, mindfulness was more beneficial compared to overlearning. Altogether, the results demonstrate the stability of the benefits of mindfulness training over time in terms of mitigating phishing susceptibility without influencing the chances of missing legitimate emails.

Topics & Concepts

PhishingAutomaticityComputer scienceMindfulnessPsychologyApplied psychologyWorld Wide WebClinical psychologyCognitionThe InternetNeuroscienceSpam and Phishing DetectionDigital Mental Health InterventionsMental Health via Writing
Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility | Litcius