Phishing emails pose a serious threat to individuals and organizations. Users’ ability to identify phishing emails is critical to avoid becoming victims of these attacks. The current study examined the effectiveness of a short online phishing training program designed to help users identify phishing emails. Half of the participants were in the training group and the other half worked on a control filler task. The training group’s sensitivity (d′) at correctly classifying emails as legitimate or phishing increased by 1.14 whereas the control group’s sensitivity increased by only 0.48. This difference in d' changes was significant, t(38) = 2.05, p = .048. This improvement in performance was likely due to users learning how to check reliable cues and interpret them. Despite a sizeable improvement in detecting phishing emails, the training group correctly classified only about two-thirds of phishing emails. Accordingly, a short training program appears beneficial, but a more comprehensive training program would be needed to reduce vulnerability to an acceptable level.

网络钓鱼电子邮件对个人和组织构成了严重威胁。用户识别网络钓鱼电子邮件的能力对于避免成为这些攻击的受害者至关重要。当前的研究检查了一个简短的在线网络钓鱼培训计划的有效性，该计划旨在帮助用户识别网络钓鱼电子邮件。一半的参与者在培训小组中，另一半则参加控制填充任务。正确地将电子邮件分类为合法或网络钓鱼的训练小组的敏感度（d'）增加了1.14，而对照组的敏感度仅增加了0.48。在此差d”的变化是显著，吨（38）= 2.05，p = .048。用户学习如何检查和解释可靠的提示，可能会提高性能。尽管在检测网络钓鱼电子邮件方面有了很大的改进，但培训小组仅正确地对大约三分之二的网络钓鱼电子邮件进行了分类。因此，简短的培训计划似乎是有益的，但是需要更全面的培训计划才能将脆弱性降低到可接受的水平。