Empirical Benefits of Training to Phishing Susceptibility

  • Ronald Dodge
  • Kathryn Coronges
  • Ericka Rovira
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


Social engineering continues to be the most worrisome vulnerability to organizational networks, data, and services. The most successful form of social engineering is the practice of phishing. In the last several years, a multitude of phishing variations have been defined including pharming, spear phishing, and whaling. While each has a specific reason for its success, they all rely on a user failing to exercise due diligence and responsibility. In this paper, we report on a recent phishing experiments where the effects of training were evaluated as well as gathering demographic data to explore the susceptibility of given groups.


Social Engineering Notification Condition Server Error Security Training Advance Persistent Threat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Downs, J., Holbrook, M., Lorrie, C.: Decision Strategies and Susceptibility to Phishing. In: Symposium on Usable Privacy and Security (2006)Google Scholar
  2. 2.
    Hicks, D.: Phishing and Pharming: Helping Consumers Avoid Internet Fraud. Communities and Banking, 29–31 (2005)Google Scholar
  3. 3.
    Stajano, F., Wilson, P.: Understanding scam victims:Seven principles for systems security. Commun. ACM 54(3), 70–75 (2011)CrossRefGoogle Scholar
  4. 4.
    The Anit Phishing Working Group 2011 Annual Report (accessed January 13, 2012),
  5. 5.
    Jagatic, T.N., Johnson, N.A., Jakobsson, M., Menczer, F.: Social phishing. Commun. ACM 50(10), 94–100 (2007)CrossRefGoogle Scholar
  6. 6.
    Markoff, J.: Larger prey are targets of phishing. New York Times (April 16, 2008),
  7. 7.
    Hong, J.: Why have there been so many security breaches recently? Blog@CACM (April 27, 2011),
  8. 8.
    Dodge, R., Ferguson, A.: Using Phishing for User Email Security Awareness. In: Proceedings of the 21st IFIP International Information Security Conference (May 2006)Google Scholar
  9. 9.
    Dodge, R., Rovira, E., Radwick, Z., Shevchik, J.: Phishing Awareness Exercises. In: Proceedings of the 15th Colloquium for Information Systems Security Education, June 13-15, pp. 120–125 (2011)Google Scholar
  10. 10.
    Coronges, K., Dodge, R., Mukina, C., Rovira, E., Radwick, Z., Shevchik, J.: The Influ-ences of Social Networks on Phishing Vulnerability. In: 2012 45th Hawaii International Conference on System Sciences, January 4-7, pp. 2366–2773 (2012)Google Scholar
  11. 11. (accessed Decemeber 15, 2011)

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Ronald Dodge
    • 1
  • Kathryn Coronges
    • 1
  • Ericka Rovira
    • 1
  1. 1.United States Military Academy, West PointNew YorkUSA

Personalised recommendations