Sign In

Communications of the ACM

ACM TechNews

People Are Overconfident About Identifying Phishing Emails


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
People think they are much better at identifying phishing emails than they actually are.

Research by Missouri University of Science and Technology (Missouri S&T) and Carnegie Mellon University scientists suggests people may be overconfident in their ability to identify email phishing scams.

Credit: Missouri University of Science and Technology

A study by Missouri University of Science and Technology (Missouri S&T) and Carnegie Mellon University scientists suggests that people may be overconfident in their ability to identify email phishing scams.

Study subjects viewed a series of legitimate and phishing emails, and answered questions to rate their differentiation skills; the investigators then had them rate their own confidence in making those calls.

Participants who were 90% to 99% confident they had correctly identified an email in fact only identified phishing emails correctly about 56% of the time.

Missouri S&T's Casey Canfield said the computers of subjects with better metacognition usually were better protected, which implies that sending more phishing emails could potentially improve their ability to distinguish scams from authentic emails.

Canfield thinks employers could improve workers' savvy in identifying phishing by regularly sending them bogus emails and providing feedback.

From Missouri S&T News
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account