People may not be as cyber-savvy as they believe they are when it comes to identifying email phishing scams, according to Missouri S&T researchers. But employers may benefit from teaching employees how to spot phishing by regularly sending them fake phishing emails.
Phishing is a method of gathering personal information,banking and credit card details, and passwords through links in messages, thaton the surface, appear to be legitimate.
Missouri S&T researcher, Dr. Casey Canfield, has examined people’s understanding of their ability to detect phishing emails. Photo by Sam O’Keefe/Missouri S&T
“You should just be pretty suspicious in general with email,” says Dr. Casey Canfield, Missouri S&T assistant professor of engineering management and systems engineering. “People definitely tended to be overconfident in their ability to spot phishing emails.”
Canfield’s latest study, published with open access this month in the journal Metacognition and Learning, examined metacognition metrics around phishing – or individuals’ understanding of their ability to detect phishing emails. Canfield worked with Carnegie Mellon University colleagues Baruch Fischhoff and Alex Davis on the study, which measured how well people’s confidence in their ability to detect phishing matched with reality.
Study participants viewed a series of legitimate andphishing emails and answered questions to determine if they could identify thetwo types. Researchers then asked how confident they were about their answer,and how negative the consequences would be if they missed a phishing email.
The researchers found that when people were 90-99% confidentthey had correctly identified an email as either phishing or legitimate, they onlyidentified phishing emails correctly about 56% of the time.
Canfield then took the research a step further by comparingtheir answers with what was actually happening on their home computers. Theresearchers used d ..
Support the originator by clicking the read the rest link below.
