Successful phishing attacks continue to be a common problem for users. Falling for one of these attacks can lead to identity theft, eventually giving the attacker easy access to your email, social media accounts, banking accounts, and other personal and private information. Current training video methods and automation prove to be beneficial. However, improvements could help lower the number of attacks that succeed when users click malicious links. In this paper, we investigate whether training amount and long-term memory affect the user's ability to identify malicious website links. We can determine whether current training methods are enough by testing a sample of users at various training levels and comparing the results to the same test with an extension asking top phishing red flag questions. We hypothesize that users of all training backgrounds would benefit from an easily accessible questionnaire to aid in distinguishing real emails from malicious ones. The results show that untrained, partially trained, and consistently trained users can determine whether most links are malicious and improve their ability to verify whether these results are accurate. In addition to current and future methods of detecting malicious links, this method helps users to identify malicious links quickly and ensure they are correct when in doubt.

Authors: Shannon M. Merchant, Aspen Olmsted

Published in: World Congress on Internet Security (WorldCIS-2022)

  • Date of Conference: 6-8 December 2022
  • DOI: 10.20533/WorldCIS.2022.0001
  • ISBN: 978-1-913572-56-3
  • Conference Location: London, UK