In hopes of improving participation in anti-phishing measures, cybersecurity researchers from Drexel University’s College of Computing & Informatics sought to better understand the reporting ecosystem that has generated a low rate of participation.
Their report, which is one of the first comprehensive studies to look at the attitudes and actions around phishing reporting, uncovered the challenges and concerns people face when reporting, as well as shortcomings in how the reports are handled.
“Although users are constantly trained and instructed on how to identify and report phishing emails, the reaction they receive in the actions taken — or, more often, not taken — by the companies to which they report creates a negative feedback that discourages them from reporting future emails,” said Eric Sun, PhD, an assistant professor in Drexel’s College of Computing & Informatics who helped to lead the research. “Our research sheds a light on what it’s like to be a reporter and a company that receives a phishing report in hopes of improving this cybersecurity environment.”