Fiche du document
18 décembre 2019
- handle: 10670/1.2sm4u9
- hal: hal-04325609
- doi: 10.1371/journal.pone.0224216
Ce document est lié à :
info:eu-repo/semantics/altIdentifier/doi/10.1371/journal.pone.0224216
info:eu-repo/semantics/OpenAccess
Sujets proches
Carding (Internet fraud) Spoofing, Brand (Internet fraud) Brand spoofing (Internet fraud)Citer ce document
Aurélien Baillon et al., « Informing, simulating experience, or both : A field experiment on phishing risks », HAL-SHS : droit et gestion, ID : 10.1371/journal.pone.0224216
Métriques
Partage / Export
Résumé
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.