How Effective is Anti-Phishing Training for Children?:(Distinguished Paper Award)

User training is a commonly used method for preventing victimization from phishing attacks. In this study, we focus on training children, since they are active online but often overlooked in interventions. We present an experiment in which children at Dutch primary schools received an anti-phishing training. The subjects were subsequently tested for their ability to distinguish phishing from non-phishing. A control group was used to control for external effects. Furthermore, the subjects received a re-test after several weeks to measure how well the children retained the training. The training improved the children's overall score by 14%. The improvement was mostly caused by an increased score on the questions where they had to detect phishing. The score on recognizing legitimate emails was not affected by the training. We found that the improved phishing score returned to pre-training levels after four weeks. Conversely, the score of recognition of legitimate emails increased over time. After four weeks, trained pupils scored significantly better in recognizing legitimate emails than their untrained counterparts. Age had a positive effect on the score (i.e., older children scored higher than younger ones); but sex had no significant influence. In conclusion, educating children to improve their ability to detect phishing works in the short term only. However, children go to school regularly, making it easier to educate them than adults. An increased focus on the cybersecurity of children is essential to improve overall cybersecurity in the future

Consistency Analysis of Network Traffic Repositories

Traffic repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffic that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the traffic capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions.\ud This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps”. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies

Consistency of Network Traffic Repositories: An Overview

Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps��?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies

Consistency analysis of network traffic repositories

Traffic repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffic that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the traffic capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps��?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies

Consistency of Network Traffic Repositories: An Overview

Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps”. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies

Applying the Lost-Letter Technique to Assess IT Risk Behaviour

Information security policies are used to mitigate threats for which a technical prevention is not feasible. Compliance with information security policies is a notoriously difficult issue. Social sciences could provide tools to empirically study compliance with policies. We use a variation of the lost-letter technique to study IT risk behaviour, using USB keys instead of letters. The observational lost-letter study by Farrington and Knight (1979) was replicated in a university setting by dropping 106 USB keys. Labels on the USB keys were used to vary characteristics of the alleged victim. Observers noted characteristics of people who picked a USB key up and whether the USB key was returned. Results show that USB keys in their original box are stolen more than used ones and that people aged 30 or younger and those who place a found USB key in their pocket are more likely to steal. This suggests that the decision to steal a USB key is taken at the moment of pick up, despite ample opportunity to return it. The lost USB key technique proved to be a feasible method of data collection to measure policy compliance and thus also risk behaviour

Applying the Lost-Letter Technique to Assess IT Risk Behaviour

Information security policies are used to mitigate threats for which a technical prevention is not feasible. Compliance with information security policies is a notoriously difficult issue. Social sciences could provide tools to empirically study compliance with policies. We use a variation of the lost-letter technique to study IT risk behaviour, using USB keys instead of letters. The observational lost-letter study by Farrington and Knight (1979) was replicated in a university setting by dropping 106 USB keys. Labels on the USB keys were used to vary characteristics of the alleged victim. Observers noted characteristics of people who picked a USB key up and whether the USB key was returned. Results show that USB keys in their original box are stolen more than used ones and that people aged 30 or younger and those who place a found USB key in their pocket are more likely to steal. This suggests that the decision to steal a USB key is taken at the moment of pick up, despite ample opportunity to return it. The lost USB key technique proved to be a feasible method of data collection to measure policy compliance and thus also risk behaviour