Study Finds Young People Most Susceptible To Phishing Attacks

People in the 18-25 age group were more prone to consistently falling for phishing emails than older participants

April 30, 2010

2 Min Read


PITTSBURGH, PA April 29, 2010 " The results of a recent study of 515 Carnegie Mellon University faculty, staff, and students led by Wombat Security Technologies' co-founders Dr. Lorrie Cranor and Dr. Jason Hong revealed that 18-25 year olds were consistently more vulnerable to phishing attacks than older participants.

The study involved sending the participants fake spear phishing emails that contained a phishing URL. When they clicked on the simulated phishing link, they were shown cartoons telling them about phishing and how to avoid similar spear phishing attacks in the future. All participants were sent a series of three legitimate and seven simulated spear phishing emails over 28 days.

Drs. Cranor and Hong analyzed user demographics to see if age was a factor in susceptibility to phishing. Their findings show that people in the 18-25 age group were more prone to consistently falling for phishing emails than older participants, though all age groups exhibited alarming levels of vulnerability with the average likelihood of someone falling for a spear phishing attack at 46.4 percent.

The tools used in this study have been incorporated into Wombat's PhishGuru service, a unique anti-phishing training solution that allows organizations to train their users by sending them fake spear phishing emails. When a user falls for a simulated attack and clicks on the URL, PhishGuru takes advantage of the "teachable moment" to pop up engaging training in the form of a cartoon that offers steps to avoid falling for these attacks. With PhishGuru, system administrators can craft monthly or quarterly email campaigns, select among a number of training messages, and assess the vulnerability of their users.

"This approach can be used to introduce users to new threats and train those who are most susceptible to phishing attacks," said Dr. Norman Sadeh, CEO and co-founder of Wombat. The study also showed that users trained with Wombat's PhishGuru service retain knowledge even after 28 days, and adding follow-up training once a month decreases the likelihood of users falling for a phishing attack by 50 percent or more.

About Wombat Security Technologies

Wombat Security Technologies was originally launched to market novel cyber security training and filtering solutions that were originally developed at Carnegie Mellon University. With its solutions now licensed for use by millions of users across North America, Europe, and Asia, Wombat Security Technologies has established itself as a global leader in cyber security awareness and training. Wombat's products are used in sectors as diverse as finance, government, telecom, health care, retail, education, transportation & utilities, IT and the service industry.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights