Download This PaperQuantifying Susceptibility to Spear Phishing in a High School Environment Using Signal Detection Theory
Proceedings of the Fourteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2020)
10 Pages Posted: 7 Jul 2020 Last revised: 8 Jul 2020
Date Written: July 8, 2020
Abstract
Spear phishing is a deceptive attack that uses social engineering to obtain confidential information through targeted victimization. It is distinguished by its use of social cues and personalized information to target specific victims. Previous work on resilience to spear phishing has focused on convenience samples, with a disproportionate focus on students. In contrast, here, we report on an evaluation of a high school community. We engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research utilizing signal detection theory (SDT). Through scenario-based analysis, participants tasked with distinguishing phishing emails from authentic emails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background. These findings are critical for evaluating the decision making of underrepresented populations and protecting people from potential spear phishing attacks by examining human susceptibility.
Keywords: Phishing, Spear Phishing, High School, User Study, Usable Security
Suggested Citation: Suggested Citation
