Abstract
Phishing is the most common attack vector for initial access. Current defenses such as spam filters and self-reporting phishing are unfortunately insufficient. Past research has found that gender may impact the perception of risk and that background may impact an individual's susceptibility to phishing threats. However, no previous research has empirically measured the role of the trainer's gender in identifying and assessing the risk of phishing. To address this gap, we designed a novel experimental setup focused on the trainer and surveyed 145 students at two universities. By adopting a controlled approach with AI-generated trainers we measured (a) the effect of gender and background on the perception of the trainer and (b) the effect of gender and background on identifying and assessing phishing risks. We found that background has a significant impact on the identification and assessment of phishing risks and that no gender bias was present towards the trainer in either a technical or non-technical population.
Original language | English |
---|---|
Title of host publication | Proceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 |
Publisher | Association for Computing Machinery |
Pages | 130-139 |
Number of pages | 10 |
ISBN (Electronic) | 9798400717017 |
DOIs | |
Publication status | Published - 18 Jun 2024 |
Event | 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 - Salerno, Italy Duration: 18 Jun 2024 → 21 Jun 2024 Conference number: 28 |
Conference
Conference | 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 |
---|---|
Abbreviated title | EASE 2024 |
Country/Territory | Italy |
City | Salerno |
Period | 18/06/24 → 21/06/24 |