Our latest assignment allows the "cognitive agent" to "learn" new phishing messages by adding them to the case base. I found this an interesting question because if phishing is case-based, what causes people to be more likely to add a message to their "phishing" corpus? Surely they don't do it for every message as our system does because we have seen users fall for the same message multiple times.
My guess would be experiencing actual loss would increase recognition, but I'm not certain. The trend in phishing education has been that actually sending phishing messages and telling people they are phishing is far more effective than merely lecturing about phishing (which isn't surprising), but that those who fall for it shouldn't be "punished" for falling for phishing. Would it be more likely to enter their long term memory if there were some consequence, though?
I wouldn't think, certainly at this point, that it would be politically advisable to do such a thing, but the evidence may point to that being far better for the recipient in the long term.
No comments:
Post a Comment