Communications of the ACM

Home/News/People Are Overconfident About Identifying Phishing.../Full Text

ACM TechNews

People Are Overconfident About Identifying Phishing Emails

By Missouri S&T News
October 4, 2019
Comments

View as: Print Mobile App Share:

People think they are much better at identifying phishing emails than they actually are. — Research by Missouri University of Science and Technology (Missouri S&T) and Carnegie Mellon University scientists suggests people may be overconfident in their ability to identify email phishing scams.

Credit: Missouri University of Science and Technology

A study by Missouri University of Science and Technology (Missouri S&T) and Carnegie Mellon University scientists suggests that people may be overconfident in their ability to identify email phishing scams.

Study subjects viewed a series of legitimate and phishing emails, and answered questions to rate their differentiation skills; the investigators then had them rate their own confidence in making those calls.

Participants who were 90% to 99% confident they had correctly identified an email in fact only identified phishing emails correctly about 56% of the time.

Missouri S&T's Casey Canfield said the computers of subjects with better metacognition usually were better protected, which implies that sending more phishing emails could potentially improve their ability to distinguish scams from authentic emails.

Canfield thinks employers could improve workers' savvy in identifying phishing by regularly sending them bogus emails and providing feedback.

From Missouri S&T News
View Full Article

No entries found

People Are Overconfident About Identifying Phishing Emails

Your Body Is Your Next Security Key

Internet of Things Security and Privacy Labels Should Empower Consumers

Are You Confident in Your Backups?