Spear phishing is a deceptive attack that uses social engineering to obtain confidential information through targeted victimization. It is distinguished by its use of social cues and personalized information to target specific victims. Previous work on resilience to spear phishing has focused on convenience samples, with a disproportionate focus on students. In contrast, here, we report on an evaluation of a high school community. We engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research utilizing signal detection theory (SDT). Through scenario-based analysis, participants tasked with distinguishing phishing emails from authentic emails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background. These findings are critical for evaluating the decision-making of underrepresented populations and protecting people from potential spear phishing attacks by examining human susceptibility.

中文翻译：

---

使用信号检测理论量化高中环境中鱼叉式网络钓鱼的易感性

鱼叉式网络钓鱼是一种欺骗性攻击，它使用社会工程通过有针对性的受害来获取机密信息。它的特点是使用社会线索和个性化信息来针对特定的受害者。以前关于鱼叉式网络钓鱼弹性的工作主要集中在便利样本上，而对学生的关注不成比例。相比之下，我们在这里报告了对高中社区的评估。我们聘请了 57 名高中生和教职员工（12 名高中生，45 名教职员工）作为利用信号检测理论 (SDT) 进行研究的参与者。通过基于场景的分析，参与者的任务是区分网络钓鱼电子邮件和真实电子邮件。结果表明，无论参与者的技术背景如何，他们在自我检测方面都存在过度自信的偏见。