Phishing e-mail scams continue to threaten organisations around
the world. With generative artificial intelligence, conventional
phishing detection advice such as looking out for linguistic errors and bad layouts will become obsolete. New approaches to
improve people’s ability to detect phishing are essential. We report
on promising results from two experiments (total N = 183) that
engaging people with an adversarial mindset improves their ability
to detect phishing e-mails compared to those who received conventional or no training. Participants who completed conventional
training were nearly three times as likely to fall for a simulated
phishing attack compared to those who completed the adversarial
training, in which they watched a fictitious cybercriminal explain
how to devise a targeted phishing e-mail, and then wrote targeted
phishing e-mails themselves. Although further research is needed
to examine the training’s long-term efficacy with larger sample
sizes, the present findings show an encouraging alternative to conventional phishing training approaches