Informing, simulating experience, or both: A field experiment on phishing risks.

Aurélien Baillon; Jeroen de Bruin; Aysil Emirmahmutoglu; Evelien van de Veer; Bram van Dijk

doi:10.1371/journal.pone.0224216

PLoS ONE (Jan 2019)

Informing, simulating experience, or both: A field experiment on phishing risks.

Aurélien Baillon,
Jeroen de Bruin,
Aysil Emirmahmutoglu,
Evelien van de Veer,
Bram van Dijk

Affiliations

Aurélien Baillon
Jeroen de Bruin
Aysil Emirmahmutoglu
Evelien van de Veer
Bram van Dijk

DOI: https://doi.org/10.1371/journal.pone.0224216
Journal volume & issue: Vol. 14, no. 12
p. e0224216

Abstract

Read online

Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.

Published in PLoS ONE

ISSN: 1932-6203 (Online)
Publisher: Public Library of Science (PLoS)
Country of publisher: United States
LCC subjects: Medicine; Science
Website: https://journals.plos.org/plosone/

About the journal