Phishing Training Ineffective, Study Finds
A recent study, accepted for publication at the IEEE Symposium on Security and Privacy (S&P 2025), has shed light on the effectiveness of phishing training. The research team, led by Justin Petelka, Benjamin Berens, Carlo Sugatan, Melanie Volkamer, and Florian Schaub, found that while training can help, it may not be as effective as previously thought.
Over an eight-month period, the team observed that typical lure messages were less successful in tricking users. However, a significant number of users, nearly a third, were fooled by announcements about company changes. This highlights the importance of considering the context and content of phishing attempts.
The study also revealed that better-crafted messages were more effective in duping victims. This suggests that phishers' sophistication poses a real threat. Only 19% of users who engaged with training materials were less likely to fall victim to an attack, indicating that current training methods may not be adequate.
An email informing users they had received a speeding ticket led to a 20% failure rate, demonstrating that even seemingly innocuous messages can be effective phishing tools. The average improvement in the rate of falling victim to phishing across nearly 20,000 subjects was a mere 1.7%, further underscoring the limited impact of current training methods.
The study suggests that cybersecurity training for users may not be as effective as expected. While it can help, the improvement is modest. The team recommends more research to enhance the effectiveness of phishing training, as the threat of phishing attacks continues to grow.