16年的钓鱼用户研究:我们学到了什么? (Sixteen Years of Phishing User Studies: What Have We Learned?)

from arxiv, This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible

Several previous studies have investigated user susceptibility to phishing attacks. A thorough meta-analysis or systematic review is required to gain a better understanding of these findings and to assess the strength of evidence for phishing susceptibility of a subpopulation, e.g., older users. We aim to determine whether an effect exists; another aim is to determine whether the effect is positive or negative and to obtain a single summary estimate of the effect. OBJECTIVES: We systematically review the results of previous user studies on phishing susceptibility and conduct a meta-analysis. METHOD: We searched four online databases for English studies on phishing. We included all user studies in phishing detection and prevention, whether they proposed new training techniques or analyzed users' vulnerability. FINDINGS: A careful analysis reveals some discrepancies between the findings. More than half of the studies that analyzed the effect of age reported no statistically significant relationship between age and users' performance. Some studies reported older people performed better while some reported the opposite. A similar finding holds for the gender difference. The meta-analysis shows: 1) a significant relationship between participants' age and their susceptibility 2) females are more susceptible than males 3) users training significantly improves their detection ability

翻译：前几次研究调查了用户对钓鱼攻击的易感性; 需要进行彻底的元分析或系统审查,以更好地了解这些调查结果,并评估对亚人口(例如老年用户)进行钓鱼敏感度(例如,老年用户)进行钓鱼研究的证据强度。我们的目标是确定是否存在效果;另一个目标是确定效果是否为正或负,并获得对影响的单一估计摘要。目标:我们系统地审查先前用户对钓鱼敏感度的研究的结果,并进行元分析。方法:我们搜索了四个网上数据库,以进行关于钓鱼的英语研究。我们包括了所有用户在钓鱼探测和预防方面进行的研究,无论这些用户是否提议新的训练技术或分析用户的脆弱性。发现:仔细分析显示发现结论之间存在一些差异。一半以上分析年龄影响的研究报告说,年龄与用户业绩之间没有重要的统计关系。一些研究报告说,老年人的表现比较好,而有些报告相反。对性别差异也有类似的发现。元分析显示:(1) 参与者年龄与其敏感程度2) 女性比男性更易检测能力。