Recognition of genuine and phishing emails may not be associated with response to phishing attacks

This paper investigates the associations between recognition of phishing and genuine emails, and response to phishing attacks, namely susceptibility to phishing emails (i.e., click rate) and full phishing attack compliance (i.e., click on a malicious link followed by an attempt to download a file). A cross-sectional survey was conducted among students at a Slovenian university (N = 135) to assess how participants recognize examples of phishing emails. Additionally, a field trial study (i.e., a phishing campaign) was performed to test participants' response to a real phishing attack. Chi-square and Fisher's exact tests were used to test the hypothesized associations between the studied constructs. Results do not indicate any significant associations between recognition of neither phishing nor genuine emails and response to phishing attacks. These findings suggest that studies should thus avoid using recognition of genuine and/or phishing emails in their research designs despite its convenience since it has little practical merit. These results also seriously undermine the assumptions that current phishing training is built on. The focus of phishing training may thus switch from knowledge-raising to actual response to phishing attacks, for example, through practical phishing attempts at the workplace. Although this is not a new phishing training approach, it may have some unwanted side-effects which future studies could focus on tackling.