Using Breach and Attack Demonstrations to Explain Spear Phishing Attacks to Young Adults

Curtis Briddick, Pam Briggs, James Nicholson

Research output: Contribution to conferencePaperpeer-review

7 Downloads (Pure)


Phishing attacks continue to thrive despite continued efforts to inform citizens about their dangers and how to enact protective behaviours. Demonstrations have been shown to help enhance student learning in various disciplines, yet these have not been explored in a security context with lay individuals. We designed and delivered a Breach and Attack Demonstration (BAD) of spear phishing to 10 lay younger adults (18-24) to explore their perceptions of this method as an awareness tool and to capture any long-lasting impressions. Based on semi-structured interviews and survey responses 6 months after the demonstrations, we found that participants were surprised at how simple spear phishing attacks were to enact and this impression persevered 6 months following the BAD. We discuss the benefits and drawbacks of using BADs as an interactive awareness tool, concluding with recommendations for the design of such demon- strations for lay individuals.
Original languageEnglish
Publication statusAccepted/In press - 13 Apr 2024
EventWorld Conference on Information Security Education - Edinburgh, United Kingdom
Duration: 12 Jun 202414 Jun 2024


ConferenceWorld Conference on Information Security Education
Abbreviated titleWISE
Country/TerritoryUnited Kingdom
Internet address

Cite this