TY - GEN
T1 - An Analysis of Phishing Reporting Activity in a Bank
AU - Doing, Anne Kee
AU - Barbaro, Eduardo
AU - van der Roest, Frank
AU - van Gelder, Pieter
AU - Zhauniarovich, Yury
AU - Parkin, Simon
PY - 2024
Y1 - 2024
N2 - A reduction in phishing threats is of increasing importance to organizations. One part of this effort is to provide training to employees, so that they are able to identify and avoid phishing emails. Yet further, simulated phishing emails are used to test whether employees will both identify and report a suspicious email. We worked with a partner bank to examine a repository of many thousands of reported emails from a behavioural perspective. We divide reported emails into categories and examine reporting trends over time relative to training and phishing simulation campaigns. Among our findings, the level of reporting of benign emails is comparable to the number of malicious emails reported, and we see indications that training and simulations amplify the reporting of benign emails. Our analysis uncovers reporting patterns for unique reporters per email campaign as a promising indicator for the security-related culture around phishing prevention. Evidence from our analysis informs recommendations, such as providing reporting infrastructure for reporting not only malicious emails, but also benign but suspicious work-related emails, in a manner that minimises the disruption for users erring on the side of caution when assessing emails.
KW - Phishing reporting
KW - phishing simulations
KW - user email reporting
UR - http://www.scopus.com/inward/record.url?scp=85212830456&partnerID=8YFLogxK
U2 - 10.1145/3688459.3688481
DO - 10.1145/3688459.3688481
M3 - Conference contribution
AN - SCOPUS:85212830456
T3 - ACM International Conference Proceeding Series
SP - 44
EP - 57
BT - Proceedings of the 2024 European Symposium on Usable Security, EuroUSEC 2024
PB - ACM
T2 - 2024 European Symposium on Usable Security, EuroUSEC 2024
Y2 - 30 September 2024 through 1 October 2024
ER -