Does trainer gender make a difference when delivering phishing training? A new experimental design to capture bias

André Palheiros Da Silva, Winnie Mbaka, Johann Mayer, Jan Willem Bullee, Katja Tuma

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

37 Downloads (Pure)

Abstract

Phishing is the most common attack vector for initial access. Current defenses such as spam filters and self-reporting phishing are unfortunately insufficient. Past research has found that gender may impact the perception of risk and that background may impact an individual's susceptibility to phishing threats. However, no previous research has empirically measured the role of the trainer's gender in identifying and assessing the risk of phishing. To address this gap, we designed a novel experimental setup focused on the trainer and surveyed 145 students at two universities. By adopting a controlled approach with AI-generated trainers we measured (a) the effect of gender and background on the perception of the trainer and (b) the effect of gender and background on identifying and assessing phishing risks. We found that background has a significant impact on the identification and assessment of phishing risks and that no gender bias was present towards the trainer in either a technical or non-technical population.

Original languageEnglish
Title of host publicationProceedings of 2024 28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
PublisherAssociation for Computing Machinery
Pages130-139
Number of pages10
ISBN (Electronic)9798400717017
DOIs
Publication statusPublished - 18 Jun 2024
Event28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024 - Salerno, Italy
Duration: 18 Jun 202421 Jun 2024
Conference number: 28

Conference

Conference28th International Conference on Evaluation and Assessment in Software Engineering, EASE 2024
Abbreviated titleEASE 2024
Country/TerritoryItaly
CitySalerno
Period18/06/2421/06/24

Fingerprint

Dive into the research topics of 'Does trainer gender make a difference when delivering phishing training? A new experimental design to capture bias'. Together they form a unique fingerprint.

Cite this