Abstract

Phishing attacks are increasingly exploited by cybercriminals; they are becoming more sophisticated and evade detection even by advanced technical countermeasures. With cybercriminals resorting to more sophisticated phishing techniques, strategies, and different channels such as social networks, phishing is becoming a hard problem to solve. Therefore, the main objective for any anti-phishing solution is to minimize phishing success and its consequences through means that complement advanced technical countermeasures. Specifically, phishing threats cannot be controlled by technical controls alone, so it is imperative to complement cybersecurity programs with cybersecurity awareness programs to successfully fight phishing attacks. This paper provides a review of the delivery methods of cybersecurity training programs used to enhance personnel security awareness and behavior in terms of phishing threats. Although there is a wide variety of educational intervention methods against phishing, the differences between the cybersecurity awareness delivery methods are not always clear. To this end, we present a review of the most common workforce cybersecurity training methods that enable personnel to protect themselves from phishing threats.

Highlights

  • Advances in technology have transformed the way people work, communicate, and socialize quite dramatically

  • The authors organized the outcome of the evaluation in terms of click rate as: people who always clicked (Always) irrespective of previous training about phishing, people who clicked at least once (Once), people who clicked after training (Trained), and people who never clicked (Never)

  • Authors in [29] evaluated the effectiveness of a game-based delivery method in raising phishing attack awareness. They compare it to a web-based delivery method


Summary

INTRODUCTION

Advances in technology have transformed the way people work, communicate, and socialize quite dramatically. Phishing primarily depends on the perception of authenticity normally enacted through authentic-looking emails and spoofed websites purportedly from a legitimate and trusted source. It masquerades hidden malicious payloads, such as ransomware, as authentic products or services. for people to recognize them as illegitimate websites. These malicious websites usually remain online for a short time only. In addition to the usual fake websites and phishing emails, cybercriminals rely on social engineering techniques to exploit human psychology to deceive people. Cybercriminals use sensitive information illegally harvested from victims for illicit purposes that include identity theft, financial fraud, and corporate espionage [2].

Corresponding author: Abdulbasit Darem (www.etasr.com)

PHISHING THREAT LANDSCAPE
ANALYSIS OF THE DELIVERY MODELS
Delivery Method
CONCLUSION