Exploring the Evidence for Email Phishing Training: A Scoping Review

Date

2023

Authors

Marshall, Nina

Type

Thesis

Abstract

Background: Phishing emails are a pervasive threat to the security of confidential information worldwide. To mitigate this risk, a wide range of training measures have been developed to target the human factors involved in phishing email susceptibility. Despite the importance and widespread use of anti-phishing training programs, there is no clear understanding of the various approaches that are used, and the extent to which these approaches have been assessed.

Objective: The primary aim of this scoping review was to identify and describe the nature of available training interventions and their measurable outcomes on user susceptibility, as reported in published articles.

Methods: Systematic searches using predefined keywords within PsycINFO, PubMed (MEDLINE) and Web of Science identified 42 studies that met the inclusion criteria. Each included study was critically analysed, and a standardised data extraction spreadsheet used to systemise the data that informed the descriptive narrative review.

Results: Findings revealed that near-term training impact is well documented; however, evidence on the success of programs in driving sustained behavioural change is limited. Components of training design influencing the effectiveness of outcomes included training intensity, active approaches to learning, the provision of detailed feedback, and supplementing attentional awareness skills-based training with traditional cue-based approaches.

Conclusions: Improved user resilience to phishing emails confirms the utility of training as an important defensive mechanism, although current approaches leave approximately 20% of users at risk. Findings provide useful clarity in respect of what is known and where there are prominent gaps in the evidence base, alongside directions for future research.

Keywords: phishing email, phishing susceptibility, training, cybersecurity, human cognition

School/Discipline

School of Psychology

Dissertation Note

Thesis (M.Psych(Organisational & Human Factors)) -- University of Adelaide, School of Psychology, 2023

Provenance

This electronic version is made publicly available by the University of Adelaide in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the author of this thesis and do not wish it to be made publicly available, or you are the owner of any included third party copyright material you wish to be removed from this electronic version, please complete the take down form located at: http://www.adelaide.edu.au/legals

Description

This item is only available electronically.
