Training Users to Identify Phishing Emails

Phishing emails pose a serious threat to individuals and organizations. Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks. The current study examined the effectiveness of a short online phishing training program designed to help users identify phishing emails. Half of the participants were in the training group and the other half worked on a control filler task. The training group’s sensitivity (d′) at correctly classifying emails as legitimate or phishing increased by 1.14 whereas the control group’s sensitivity increased by only 0.48. This difference in d' changes was significant, t(38) = 2.05, p = .048. This improvement in performance was likely due to users learning how to check reliable cues and interpret them. Despite a sizeable improvement in detecting phishing emails, the training group correctly classified only about two-thirds of phishing emails. Accordingly, a short training program appears beneficial, but a more comprehensive training program would be needed to reduce vulnerability to an acceptable level.