Application of the human error approach to phishing fraud prevention education

2022 Fiscal Year Final Research Report

• Project/Area Number: 20K05013
• Research Category: Grant-in-Aid for Scientific Research (C)
• Allocation Type: Multi-year Fund
• Section: 一般
• Review Section: Basic Section 25020:Safety engineering-related
• Research Institution: Institute of Information Security
• Principal Investigator: Inaba Midori 情報セキュリティ大学院大学, その他の研究科, 准教授 (80419093)
• Project Period (FY): 2020-04-01 – 2023-03-31
• Keywords: フィッシングメール / 標的型攻撃訓練 / 教育 / メタ認知スキル

Outline of Final Research Achievements

The study first investigated the mechanisms by which individuals can acquire intuitions when correctly identifying phishing emails. Metacognitive skills were found to contribute to the intuitions about phishing emails. Moreover, the evidence-based objective reasoning tendency was found to contribute to intuitions about targeted attack emails and the correct identification of these emails.
In addition, this study developed the proposed educational program that focused on explaining the importance of acquiring the intuitions to prevent individuals from responding to the targeted attack emails. The experiment was conducted to compare its effectiveness with the conventional educational program. As a result, the proposed program was appeared to be more effective than the conventional program, but not to the extent that it could be said to be sufficiently effective.

Free Research Field

実験社会心理学

Academic Significance and Societal Importance of the Research Achievements

初期の気づきがフィッシングメールへの判別を左右するとの報告がある一方、この気づきについての知見はほとんどみられていない。本研究ではこの気づきに影響する要因を示し、気づきのメカニズムを明らかにすることに貢献した。
また、標的型攻撃メールへの反応を防ぐための従来形式の教育プログラムについては以前からその効果の小ささが報告されており、今回もそれを支持する結果が確認した。しかし、提案形式のプログラムにも十分な効果は確認できなかった。ただし研究成果を総合的にみることで、教育プログラムをどのように改善すべきかの具体的方向性を把握することができた。