The study involved sending the participants fake spear phishing emails that contained a phishing URL. When they clicked on the simulated phishing link, they were shown cartoons telling them about phishing and how to avoid similar spear phishing attacks in the future. All participants were sent a series of three legitimate and seven simulated spear phishing emails over 28 days.
Drs. Cranor and Hong analyzed user demographics to see if age was a factor in susceptibility to phishing. Their findings show that people in the 18-25 age group were more prone to consistently falling for phishing emails than older participants, though all age groups exhibited alarming levels of vulnerability with the average likelihood of someone falling for a spear phishing attack at 46.4 percent.
The tools used in this study have been incorporated into Wombat's PhishGuru service, a unique anti-phishing training solution that allows organizations to train their users by sending them fake spear phishing emails. When a user falls for a simulated attack and clicks on the URL, PhishGuru takes advantage of the "teachable moment" to pop up engaging training in the form of a cartoon that offers steps to avoid falling for these attacks. With PhishGuru, system administrators can craft monthly or quarterly email campaigns, select among a number of training messages, and assess the vulnerability of their users.
"This approach can be used to introduce users to new threats and train those who are most susceptible to phishing attacks," said Dr. Norman Sadeh, CEO and co-founder of Wombat. The study also showed that users trained with Wombat's PhishGuru service retain knowledge even after 28 days, and adding follow-up training once a month decreases the likelihood of users falling for a phishing attack by 50 percent or more.
About Wombat Security Technologies
Wombat Security Technologies was originally launched to market novel cyber security training and filtering solutions that were originally developed at Carnegie Mellon University. With its solutions now licensed for use by millions of users across North America, Europe, and Asia, Wombat Security Technologies has established itself as a global leader in cyber security awareness and training. Wombat's products are used in sectors as diverse as finance, government, telecom, health care, retail, education, transportation & utilities, IT and the service industry.