Simulated Phishing Attack and Embedded Training Campaign

William Yeoh; He Huang; Wang-Sheng Lee; Fadi Al Jafari; Rachel Mansson

doi:10.1080/08874417.2021.1919941

Simulated Phishing Attack and Embedded Training Campaign

William Yeoh
, He Huang
, Wang-Sheng Lee
, Fadi Al Jafari
, Rachel Mansson

Management and Strategy

Research output: Contribution to journal › Article › peer-review

43 Citations (Scopus)

Abstract

Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals’ behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.

Original language	English
Pages (from-to)	802-821
Number of pages	20
Journal	Journal of Computer Information Systems
Volume	62
Issue number	4
DOIs	https://doi.org/10.1080/08874417.2021.1919941
Publication status	Published - 4 Jul 2022

Keywords

Cybersecurity
embedded training
phishing awareness
phishing education
simulated phishing attack

Access to Document

10.1080/08874417.2021.1919941

Cite this

@article{4ab866b7571b4991a4f89e82b20b084c,

title = "Simulated Phishing Attack and Embedded Training Campaign",

abstract = "Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals{\textquoteright} behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.",

keywords = "Cybersecurity, embedded training, phishing awareness, phishing education, simulated phishing attack",

author = "William Yeoh and He Huang and Wang-Sheng Lee and \{Al Jafari\}, Fadi and Rachel Mansson",

note = "Publisher Copyright: {\textcopyright} 2021 International Association for Computer Information Systems.",

year = "2022",

month = jul,

day = "4",

doi = "10.1080/08874417.2021.1919941",

language = "English",

volume = "62",

pages = "802--821",

number = "4",

}

TY - JOUR

T1 - Simulated Phishing Attack and Embedded Training Campaign

AU - Yeoh, William

AU - Huang, He

AU - Lee, Wang-Sheng

AU - Al Jafari, Fadi

AU - Mansson, Rachel

PY - 2022/7/4

Y1 - 2022/7/4

N2 - Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals’ behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.

AB - Phishing attacks are costly for both organizations and individuals, yet existing academic research has provided little guidance on how to strategize and implement a combined phishing awareness and training campaign. Drawing on operant conditioning theory, we conduct an in-depth case study on a large phishing awareness campaign and reveal that phishing awareness is a learning process through which individuals’ behavior can be strengthened by reinforcement and punishment. Based on the case study findings, we present several propositions for cybersecurity stakeholders. This study contributes to the phishing awareness literature and has implications for research and practice. This paper is useful for organizations planning or in the process of implementing or reviewing a phishing awareness and education program.

KW - Cybersecurity

KW - embedded training

KW - phishing awareness

KW - phishing education

KW - simulated phishing attack

UR - https://www.scopus.com/pages/publications/85107745571

U2 - 10.1080/08874417.2021.1919941

DO - 10.1080/08874417.2021.1919941

M3 - Article

SN - 0887-4417

VL - 62

SP - 802

EP - 821

JO - Journal of Computer Information Systems

JF - Journal of Computer Information Systems

IS - 4

ER -

Simulated Phishing Attack and Embedded Training Campaign

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this