How Effective is Anti-Phishing Training for Children? (Distinguished Paper Award)

E.E.H. Lastdrager, Inés Ramona Carvajal Gallardo, Pieter H. Hartel, Marianne Junger

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

47 Downloads (Pure)


User training is a commonly used method for preventing victimization from phishing attacks. In this study, we focus on training children, since they are active online but often overlooked in interventions. We present an experiment in which children at Dutch primary schools received an anti-phishing training. The subjects were subsequently tested for their ability to distinguish phishing from non-phishing. A control group was used to control for external effects. Furthermore, the subjects received a re-test after several weeks to measure how well the children retained the training. The training improved the children's overall score by 14%. The improvement was mostly caused by an increased score on the questions where they had to detect phishing. The score on recognizing legitimate emails was not affected by the training. We found that the improved phishing score returned to pre-training levels after four weeks. Conversely, the score of recognition of legitimate emails increased over time. After four weeks, trained pupils scored significantly better in recognizing legitimate emails than their untrained counterparts. Age had a positive effect on the score (i.e., older children scored higher than younger ones); but sex had no significant influence. In conclusion, educating children to improve their ability to detect phishing works in the short term only. However, children go to school regularly, making it easier to educate them than adults. An increased focus on the cybersecurity of children is essential to improve overall cybersecurity in the future.
Original languageEnglish
Title of host publicationThirteenth Symposium on Usable Privacy and Security (SOUPS 2017)
PublisherUSENIX Association
Number of pages11
ISBN (Electronic)978-1-931971-39-3
Publication statusPublished - 14 Jul 2017
EventThirteenth Symposium on Usable Privacy and Security (SOUPS 2017) - Hyatt Regency Santa Clara, Santa Clara, United States
Duration: 12 Jul 201714 Jul 2017
Conference number: 13


ConferenceThirteenth Symposium on Usable Privacy and Security (SOUPS 2017)
Abbreviated titleSOUPS 2017
Country/TerritoryUnited States
CitySanta Clara
Internet address


  • Phishing
  • Training
  • Children


Dive into the research topics of 'How Effective is Anti-Phishing Training for Children? (Distinguished Paper Award)'. Together they form a unique fingerprint.

Cite this