Quantifying Susceptibility to Spear Phishing in a High School Environment Using Signal Detection Theory
This addresses the problem of spear phishing vulnerability for underrepresented populations like high school students and staff, though it is incremental as it applies an existing method to a new demographic.
The study investigated susceptibility to spear phishing in a high school community using signal detection theory, finding an overconfidence bias in participants' ability to detect phishing emails, regardless of technical background.
Spear phishing is a deceptive attack that uses social engineering to obtain confidential information through targeted victimization. It is distinguished by its use of social cues and personalized information to target specific victims. Previous work on resilience to spear phishing has focused on convenience samples, with a disproportionate focus on students. In contrast, here, we report on an evaluation of a high school community. We engaged 57 high school students and faculty members (12 high school students, 45 staff members) as participants in research utilizing signal detection theory (SDT). Through scenario-based analysis, participants tasked with distinguishing phishing emails from authentic emails. The results revealed an overconfidence bias in self-detection from the participants, regardless of their technical background. These findings are critical for evaluating the decision-making of underrepresented populations and protecting people from potential spear phishing attacks by examining human susceptibility.