ABSTRACT Executives in many industries have fallen prey to socially engineered attacks known as spear phishing. Using highly targeted emails, social engineers trick victims into performing unintended actions by masquerading as legitimate actors. To shed light on effective spear phishing training, we conducted a multi-round experiment. Our results indicate that training users with individual loss messaging might increase the effectiveness of the training. Additionally, we found potential evidence that organizational training can lead to increased overall spear phishing awareness, even for those not directly trained. Despite these promising results, however, individuals’ susceptibility to highly targeted spear phishing attacks remains troubling for practitioners and researchers.

中文翻译：

---

桶中的鱼叉式网络钓鱼：来自有针对性的网络钓鱼活动的见解

摘要 许多行业的高管已经成为被称为鱼叉式网络钓鱼的社会工程攻击的牺牲品。使用高度针对性的电子邮件，社会工程师通过伪装成合法参与者来诱骗受害者执行意外行为。为了阐明有效的鱼叉式网络钓鱼培训，我们进行了多轮实验。我们的结果表明，用个人损失消息培训用户可能会提高培训的有效性。此外，我们发现了潜在证据，表明组织培训可以提高整体鱼叉式网络钓鱼意识，即使对于那些没有接受过直接培训的人也是如此。然而，尽管取得了这些有希望的结果，但个人对高度针对性的鱼叉式网络钓鱼攻击的易感性仍然困扰着从业者和研究人员。