How a few PhD students revealed that phishing trainings might just not work - podcast episode cover

How a few PhD students revealed that phishing trainings might just not work

Lock and Code
Jan 31, 202240 minSeason 3Ep. 3
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

You've likely fallen for it before—a simulated test sent by your own company to determine whether its employees are vulnerable to one of the most pernicious online threats today: Phishing.

Those simulated phishing tests often come with a voluntary or mandatory training afterwards, with questions and lessons about what mistakes you made, right after you made them. 

But this extremely popular phishing defense practice might not work. In fact, it might make you worse at recognizing phishing attempts in the future.

That's what Daniele Lain and his fellow PhD candidates at the ETH Zurich university in Switzerland revealed in a recent 15-month study, which we discuss today on Lock and Code, with host David Ruiz.

For the best experience, listen in Metacast app for iOS or Android