Using Breach and Attack Demonstrations to Explain Spear Phishing Attacks to Young Adults

Curtis Briddick, Pam Briggs, James Nicholson

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

65 Downloads (Pure)

Abstract

Phishing attacks continue to thrive despite continued efforts to inform citizens about their dangers and how to enact protective behaviours. Demonstrations have been shown to help enhance student learning in various disciplines, yet these have not been explored in a security context with lay individuals. We designed and delivered a Breach and Attack Demonstration (BAD) of spear phishing to 10 lay younger adults (18-24) to explore their perceptions of this method as an awareness tool and to capture any long-lasting impressions. Based on semi-structured interviews and survey responses 6 months after the demonstrations, we found that participants were surprised at how simple spear phishing attacks were to enact and this impression persevered 6 months following the BAD. We discuss the benefits and drawbacks of using BADs as an interactive awareness tool, concluding with recommendations for the design of such demon- strations for lay individuals.
Original languageEnglish
Title of host publicationInformation Security Education - Challenges in the Digital Age (WISE 2024)
EditorsLynette Drevin, Wai Sze Leung, Suné von Solms
Place of PublicationCham
PublisherSpringer
Pages65-80
Number of pages16
ISBN (Electronic)9783031629181
ISBN (Print)9783031629174
DOIs
Publication statusPublished - 11 Jun 2024
EventWorld Conference on Information Security Education - Edinburgh, United Kingdom
Duration: 12 Jun 202414 Jun 2024
https://www.ifiptc11.org/wg118-wise

Publication series

NameIFIP Advances in Information and Communication Technology
PublisherSpringer
Volume707
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

ConferenceWorld Conference on Information Security Education
Abbreviated titleWISE
Country/TerritoryUnited Kingdom
CityEdinburgh
Period12/06/2414/06/24
Internet address

Keywords

  • phishing
  • demonstrations
  • young adults

Cite this