Perlgrin then repeated the experiment, showing a significant decrease in the susceptibility of his users.
In the end, some users were simply unable to learn, but not many.
Interestingly, this experiment was continually conducted, with respect to human psychology.
I tell people in the industry about this experiment as much as I can; two years later I am still very excited about it. User education is one of the biggest problems facing a security program, and when one shows to be so highly successful, it needs to be copied and reimplemented as much as possible.
"This is not a one-shot deal," Pelgrin says in the article mentioned above. "I've got to reinforce that behavioral change to make it permanent."
If you are successful with it, then please let me know how it worked out for you.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.