Knowledge and Capabilities that Non-Expert Users Bring to Phishing Detection


Rick Wash, Norbert Nthala, and Emilee Rader, Michigan State University


Phishing emails are scam communications that pretend to be something they are not in order to get people to take actions they otherwise would not. We surveyed a demographically matched sample of 297 people from across the United States and asked them to share their descriptions of a specific experience with a phishing email. Analyzing these experiences, we found that email users' experiences detecting phishing messages have many properties in common with how IT experts identify phishing. We also found that email users bring unique knowledge and valuable capabilities to this identification process that neither technical controls nor IT experts have. We suggest that targeting training toward how to use this uniqueness is likely to improve phishing prevention.

SOUPS 2021 Open Access Videos Sponsored by

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {274451,
author = {Rick Wash and Norbert Nthala and Emilee Rader},
title = {Knowledge and Capabilities that {Non-Expert} Users Bring to Phishing Detection},
booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
year = {2021},
isbn = {978-1-939133-25-0},
pages = {377--396},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video