Effectiveness of Online Anti-Phishing Delivery methods in raising Awareness among Internet Users.

Sammanfattning: ABSTRACT  Cyberattacks are constantly evolving and phishing activities have risen steeply in the last few years. As the number of online users is increasing so as the phishing attacks and scams are increasing too. It is even more surprising in the presence of the most sophisticated technical security measures and online users are continually becoming the victim of phishing attacks that causing financial and emotional loss. Phishing attacks involve deceiving a target user into revealing their most important personal information such as ID, password, username, bank card, or other sensitive information to the cybercriminals. The typical way to instigate a phishing attack by sending malicious emails that may contain malware or a link to a phishing website. It is evident from various phishing reports that despite the most sophisticated and expensive technical security measures, the phishing attacks are proved to be still successful. This is happening because phishing techniques bypass technical security measures and try to exploit vulnerabilities associated with human and use social engineering to reach its target. Therefore, in this situation, anti-phishing awareness is the most effective tool that can protect internet users against phishing attacks. Anti-phishing awareness material can be delivered in a number of methods; however, the effectiveness of these awareness delivery methods is an open question among the researcher community and the anti-phishing awareness program designers. Which method is more effective in anti-phishing awareness-raising, increasing overall users’ confidence in dealing with phishing emails, and which method users preferred more? In an attempt to address all these questions, we conducted experimental research involving online users with different demographic backgrounds. We design and deliver and online anti-phishing awareness-raising material in three formats, video-based, text-based, and infographic-based. We found all training methods significantly improve the accuracy rate of identifying phishing and genuine emails. The training decreased the false-negative rate and also reduced the false positive rate among the participants of all training groups when compared with a control group. However, our study did not find one awareness delivery method significantly more effective than other methods in transferring knowledge. However, the study found video and infographic methods as most preferred by the users. This study also found an interesting result that the difference between the accuracy of identifying phishing emails of participants who received training in their preferred learning method and the accuracy of participants who received training in other methods was not significantly different. These results serve researchers, students, organizations, cybersecurity expert, and security awareness program designers, who are interested in understating the relationship between different awareness rising delivery methods and their effectiveness in educating internet users about prevention from phishing attacks.