Informing, simulating experience, or both: A field experiment on phishing risks
Aurélien Baillon,
Jeroen de Bruin,
Aysil Emirmahmutoglu,
Evelien van de Veer and
Bram van Dijk
Additional contact information
Aurélien Baillon: Erasmus University Rotterdam
Jeroen de Bruin: Erasmus University Rotterdam
Aysil Emirmahmutoglu: Erasmus University Rotterdam
Post-Print from HAL
Abstract:
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password in order to breach organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees, but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling for a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.
Date: 2019-12-18
Note: View the original document on HAL open archive server: https://hal.science/hal-04325609v1
Published in PLoS ONE, 2019, 14 (12), 15 p. ⟨10.1371/journal.pone.0224216⟩
Downloads: https://hal.science/hal-04325609v1/document (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-04325609
DOI: 10.1371/journal.pone.0224216