Please use this identifier to cite or link to this item: https://doi.org/10.21256/zhaw-20346
Publication type: Article in scientific journal
Type of review: Peer review (publication)
Title: Don’t click : towards an effective anti-phishing training. A comparative literature review
Authors: Jampen, Daniel
Gür, Gürkan
Sutter, Thomas
Tellenbach, Bernhard
et. al: No
DOI: 10.1186/s13673-020-00237-7
10.21256/zhaw-20346
Published in: Human-centric Computing and Information Sciences
Volume(Issue): 10
Issue: 33
Issue Date: 9-Aug-2020
Publisher / Ed. Institution: Springer
ISSN: 2192-1962
Language: English
Subjects: Phishing; Phishing countermeasure; Anti-phishing training; Security awareness; Security training tool; Machine learning
Subject (DDC): 658.4: Executive Management
Abstract: Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many organizations have begun to provide anti-phishing training programs to their employees. A central question in the development of such programs is how they can be designed sustainably and effectively to minimize the vulnerability of employees to phishing attacks. In this paper, we survey and categorize works that consider different elements of such programs via a clearly laid-out methodology, and identify key findings in the technical literature. Overall, we find that researchers agree on the answers to many relevant questions regarding the utility and effectiveness of anti-phishing training. However, we identified influencing factors, such as the impact of age on the success of anti-phishing training programs, for which mixed findings are available. Finally, based on our comprehensive analysis, we describe how a well-founded anti-phishing training program should be designed and parameterized with a set of proposed research directions.
URI: https://digitalcollection.zhaw.ch/handle/11475/20346
Fulltext version: Published version
License (according to publishing contract): CC BY 4.0: Attribution 4.0 International
Department: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Published as part of the ZHAW project: OptiPhish - Effective and Measurable Phishing Awareness Training
Appears in collections: Publikationen School of Engineering

Files in This Item:
File: 2020_Jampen-etal_Effective-anti-phishing-training-literature-review.pdf
Size: 2.93 MB
Format: Adobe PDF

