1. Informing, simulating experience, or both: A field experiment on phishing risks.
- Author
-
Baillon, Aurélien, de Bruin, Jeroen, Emirmahmutoglu, Aysil, van de Veer, Evelien, and van Dijk, Bram
- Subjects
- *
PHISHING , *EXPERIENCE - Abstract
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact. [ABSTRACT FROM AUTHOR]
- Published
- 2019
- Full Text
- View/download PDF