Skip to main content

Table 11 Proposed anti-phishing training program parameters

From: Don’t click: towards an effective anti-phishing training. A comparative literature review

Parameter Section Value(s)
Susceptibility Target group impact Train everyone
User specific training Target group impact Use a model similar to Cyber Risk Index (CRI) to identify the appropriate training method
Email design Email content and structure 1:1 clone of the legitimate mail
Best email topics Email content and structure Shipping, orders, received fax
Email persuasiveness Email content and structure More = better
Education progression Email content and structure, Feedback Level system, per user
Level design Email content and structure, Feedback Increasing difficulty (see "Email content and structure" section)
Education form Feedback Initial course then ongoing training based on a user’s weaknesses as identified by the CRI
Feedback Feedback Embedded training, imminent
Training interval(s) Knowledge retention Adjusted to levels, min. 4×/year