The data was collected in a simulated experiment with the purpose of studying how different types of cybersecurity training impacts users' ability to correctly identify phishing e-mail. For the experiment, an isolated e-mail world was developed and participants were given an inbox containing 5 legitimate e-mails and 6 phishing e-mails. They were asked to assume the persona of the inbox owner and then delete all e-mails they considered to be phishing. They were also asked to “think aloud” during the experiment. Their performance was monitored by an experiment supervisor using an eye tracker and continuous monitoring of the participants screen.
Studiens syfte var att analysera hur olika typer av säkerhetsträning påverkar användares förmåga att identifiera phsihing mail. Studien genomfördes som ett simulerat experiment där data samlades in både genom manuell kontroll av deltagarnas agerande samt med så kallad eye tracker.