{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T19:46:51Z","timestamp":1777664811012,"version":"3.51.4"},"reference-count":81,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2010,5,1]],"date-time":"2010-05-01T00:00:00Z","timestamp":1272672000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0524189"],"award-info":[{"award-number":["CCF-0524189"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["DAAD19-02-1-0389"],"award-info":[{"award-number":["DAAD19-02-1-0389"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2010,5]]},"abstract":"<jats:p>Phishing attacks, in which criminals lure Internet users to Web sites that spoof legitimate Web sites, are occurring with increasing frequency and are causing considerable harm to victims. While a great deal of effort has been devoted to solving the phishing problem by prevention and detection of phishing emails and phishing Web sites, little research has been done in the area of training users to recognize those attacks. Our research focuses on educating users about phishing and helping them make better trust decisions. We identified a number of challenges for end-user security education in general and anti-phishing education in particular: users are not motivated to learn about security; for most users, security is a secondary task; it is difficult to teach people to identify security threats without also increasing their tendency to misjudge nonthreats as threats. Keeping these challenges in mind, we developed an email-based anti-phishing education system called \u201cPhishGuru\u201d and an online game called \u201cAnti-Phishing Phil\u201d that teaches users how to use cues in URLs to avoid falling for phishing attacks. We applied learning science instructional principles in the design of PhishGuru and Anti-Phishing Phil. In this article we present the results of PhishGuru and Anti-Phishing Phil user studies that demonstrate the effectiveness of these tools. Our results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.<\/jats:p>","DOI":"10.1145\/1754393.1754396","type":"journal-article","created":{"date-parts":[[2010,6,2]],"date-time":"2010-06-02T19:40:21Z","timestamp":1275507621000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":277,"title":["Teaching Johnny not to fall for phish"],"prefix":"10.1145","volume":"10","author":[{"given":"Ponnurangam","family":"Kumaraguru","sequence":"first","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Steve","family":"Sheng","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessandro","family":"Acquisti","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lorrie Faith","family":"Cranor","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jason","family":"Hong","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,6,10]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299021"},{"key":"e_1_2_1_2_1","unstructured":"Account Guard. 2006. Account Guard. http:\/\/pages.ebay.com\/ebay_toolbar\/.  Account Guard. 2006. Account Guard. http:\/\/pages.ebay.com\/ebay_toolbar\/."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/322796.322806"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1207\/s15516709cog2602_1"},{"key":"e_1_2_1_5_1","volume-title":"Usable Security Workshop (USEC'07)","author":"Anandpara V.","unstructured":"Anandpara , V. , Dingman , A. , Jakobsson , M. , Liu , D. , and Roinestad , H . 2007. Phishing IQ tests measure fear, not ability . Usable Security Workshop (USEC'07) . http:\/\/usablesecurity.org\/papers\/anandpara.pdf. Anandpara, V., Dingman, A., Jakobsson, M., Liu, D., and Roinestad, H. 2007. Phishing IQ tests measure fear, not ability. Usable Security Workshop (USEC'07). http:\/\/usablesecurity.org\/papers\/anandpara.pdf."},{"key":"e_1_2_1_6_1","volume-title":"Rules of the Mind","author":"Anderson J. R.","unstructured":"Anderson , J. R. 1993. Rules of the Mind . Lawrence Erlbaum Associates, Inc. Anderson, J. R. 1993. Rules of the Mind. Lawrence Erlbaum Associates, Inc."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1207\/s15327809jls0402_2"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.3102\/0013189X025004005"},{"key":"e_1_2_1_9_1","unstructured":"Anti-Phishing Working Group. 2007. Anti-Phishing Working Group. http:\/\/www.antiphishing.org\/.  Anti-Phishing Working Group. 2007. Anti-Phishing Working Group. http:\/\/www.antiphishing.org\/."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1037\/0096-3445.108.3.296"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73078-1_5"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.128.4.612"},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Bransford J. D. and Schwartz D. L. 2001. Rethinking transfer: A simple proposal with multiple implications. In Review of Research in Education A. Iran-Nejad and P. D. Pearson. Eds. Vol. 24 American Educational Research Association (AERA) Washington DC 61--100.  Bransford J. D. and Schwartz D. L. 2001. Rethinking transfer: A simple proposal with multiple implications. In Review of Research in Education A. Iran-Nejad and P. D. Pearson. Eds. Vol. 24 American Educational Research Association (AERA) Washington DC 61--100.","DOI":"10.2307\/1167267"},{"key":"e_1_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Burmester G. M. Stottler D. and Hart J. L. 2005. Embedded training intelligent tutoring systems (ITS) for the future combat systems (FCS) command and control (C2) vehicle. Tech. rep. Defense Technical Information Center. http:\/\/www.stottlerhenke.com\/papers\/IITSEC-02-ITSFCS.pdf.  Burmester G. M. Stottler D. and Hart J. L. 2005. Embedded training intelligent tutoring systems (ITS) for the future combat systems (FCS) command and control (C2) vehicle. Tech. rep. Defense Technical Information Center. http:\/\/www.stottlerhenke.com\/papers\/IITSEC-02-ITSFCS.pdf.","DOI":"10.21236\/ADA438495"},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the NYS Cyber Security Conference.","author":"Chandrasekaran M.","unstructured":"Chandrasekaran , M. , Narayanan , K. , and Upadhyaya , S . 2006. Phishing email detection based on structural properties . Proceedings of the NYS Cyber Security Conference. Chandrasekaran, M., Narayanan, K., and Upadhyaya, S. 2006. Phishing email detection based on structural properties. Proceedings of the NYS Cyber Security Conference."},{"key":"e_1_2_1_16_1","volume-title":"Developing Technical Training: A Structured Approach for the Development of Classroom and Computer-Based Instructional Materials","author":"Clark R. C.","unstructured":"Clark , R. C. 1989. Developing Technical Training: A Structured Approach for the Development of Classroom and Computer-Based Instructional Materials . Addison Wesley Publishing Company . Clark, R. C. 1989. Developing Technical Training: A Structured Approach for the Development of Classroom and Computer-Based Instructional Materials. Addison Wesley Publishing Company."},{"key":"e_1_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Clark R. C. and Mayer R. E. 2002. E-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning. John Wiley &amp; Sons Inc.   Clark R. C. and Mayer R. E. 2002. E-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning. John Wiley &amp; Sons Inc.","DOI":"10.1002\/pfi.4930420510"},{"key":"e_1_2_1_18_1","volume-title":"How People Learn: Bridging Research and Practice","author":"Committee on Developments in the Science of Learning and National Research Council. 2000.","unstructured":"Committee on Developments in the Science of Learning and National Research Council. 2000. How People Learn: Bridging Research and Practice . National Academies Press . Committee on Developments in the Science of Learning and National Research Council. 2000. How People Learn: Bridging Research and Practice. National Academies Press."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/365024.365111"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1037\/0022-0663.88.4.715"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/1387649.1387650"},{"key":"e_1_2_1_22_1","unstructured":"Cranor L. F. and Garfinkel S. Aug 2005. Security and Usability: Designing Secure Systems that People Can Use. O'Reilly Sebastopol CA.   Cranor L. F. and Garfinkel S. Aug 2005. Security and Usability: Designing Secure Systems that People Can Use. O'Reilly Sebastopol CA."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1073001.1073009"},{"key":"e_1_2_1_24_1","unstructured":"eBay. 2006. Spoof email tutorial. http:\/\/pages.ebay.com\/education\/spooftutorial.  eBay. 2006. Spoof email tutorial. http:\/\/pages.ebay.com\/education\/spooftutorial."},{"key":"e_1_2_1_25_1","volume-title":"Handbook of Human-Computer Interaction","author":"Eberts R. E.","unstructured":"Eberts , R. E. 1997. Handbook of Human-Computer Interaction . Elsevier Science , 825--847. Eberts, R. E. 1997. Handbook of Human-Computer Interaction. Elsevier Science, 825--847."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_2_1_27_1","unstructured":"Emigh A. 2005. Online identity theft: Phishing technology chokepoints and countermeasures. Tech. rep. Radix Labs. October. http:\/\/www.antiphishing.org\/Phishing-dhs-report.pdf.  Emigh A. 2005. Online identity theft: Phishing technology chokepoints and countermeasures. Tech. rep. Radix Labs. October. http:\/\/www.antiphishing.org\/Phishing-dhs-report.pdf."},{"key":"e_1_2_1_28_1","unstructured":"Evers J. 2006. User education is pointless. http:\/\/news.com.com\/2100-7350_3-6125213.html.  Evers J. 2006. User education is pointless. http:\/\/news.com.com\/2100-7350_3-6125213.html."},{"key":"e_1_2_1_29_1","unstructured":"Federal Trade Commission. 2006a. An e-card for you game. http:\/\/www.ftc.gov\/bcp\/conline\/ecards\/phishing\/index.html.  Federal Trade Commission. 2006a. An e-card for you game. http:\/\/www.ftc.gov\/bcp\/conline\/ecards\/phishing\/index.html."},{"key":"e_1_2_1_30_1","unstructured":"Federal Trade Commission. 2006b. How not to get hooked by a phishing scam. Consumer alert news. http:\/\/www.ftc.gov\/bcp\/edu\/pubs\/consumer\/alerts\/alt127.htm.  Federal Trade Commission. 2006b. How not to get hooked by a phishing scam. Consumer alert news. http:\/\/www.ftc.gov\/bcp\/edu\/pubs\/consumer\/alerts\/alt127.htm."},{"key":"e_1_2_1_31_1","unstructured":"Ferguson A. J. 2005. Fostering e-mail security awareness: The west point carronade. EDUCASE Quart. 1. http:\/\/www.educause.edu\/ir\/library\/pdf\/eqm0517.pdf.  Ferguson A. J. 2005. Fostering e-mail security awareness: The west point carronade. EDUCASE Quart. 1. http:\/\/www.educause.edu\/ir\/library\/pdf\/eqm0517.pdf."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242660"},{"key":"e_1_2_1_33_1","unstructured":"Florencio D. and Herley C. 2005. Stopping a phishing attack even when the victims ignore warnings. Tech. rep. Microsoft.  Florencio D. and Herley C. 2005. Stopping a phishing attack even when the victims ignore warnings. Tech. rep. Microsoft."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1037\/0096-3445.120.1.34"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1037\/h0061154"},{"key":"e_1_2_1_36_1","unstructured":"Gordon L. A. Loeb M. P. Lucyshyn W. and Richardson R. 2006. CSI\/FBI computer crime and security survey. Report Computer Security Institute.  Gordon L. A. Loeb M. P. Lucyshyn W. and Richardson R. 2006. CSI\/FBI computer crime and security survey. Report Computer Security Institute."},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the 16th Virus Bulletin International Conference.","author":"Gorling S.","year":"2006","unstructured":"Gorling , S. 2006 . The myth of user education . In Proceedings of the 16th Virus Bulletin International Conference. Gorling, S. 2006. The myth of user education. In Proceedings of the 16th Virus Bulletin International Conference."},{"key":"e_1_2_1_38_1","unstructured":"Hight S. D. 2005. The importance of a security education training and awareness program. http:\/\/www.infosecwriters.com\/text_resources\/pdf\/SETA_SHight.pdf.  Hight S. D. 2005. The importance of a security education training and awareness program. http:\/\/www.infosecwriters.com\/text_resources\/pdf\/SETA_SHight.pdf."},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the Usable Security Workshop (USEC'07)","author":"Jackson C.","unstructured":"Jackson , C. , Simon , D. , Tan , D. , and Barth , A . 2007. An evaluation of extended validation and picture-in-picture phishing attacks . In Proceedings of the Usable Security Workshop (USEC'07) . http:\/\/usablesecurity.org\/papers\/jackson.pdf. Jackson, C., Simon, D., Tan, D., and Barth, A. 2007. An evaluation of extended validation and picture-in-picture phishing attacks. In Proceedings of the Usable Security Workshop (USEC'07). http:\/\/usablesecurity.org\/papers\/jackson.pdf."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"e_1_2_1_41_1","volume-title":"Privacy &amp","author":"Jakobsson M.","unstructured":"Jakobsson , M. 2007. The human factor in phishing . In Privacy &amp ; Security of Consumer Information . http:\/\/www.informatics.indiana.edu\/markus\/papers\/aci.pdf. Jakobsson, M. 2007. The human factor in phishing. In Privacy &amp; Security of Consumer Information. http:\/\/www.informatics.indiana.edu\/markus\/papers\/aci.pdf."},{"key":"e_1_2_1_42_1","volume-title":"Eds","author":"Jakobsson M.","year":"2006","unstructured":"Jakobsson , M. and Myers , S. , Eds . 2006 . Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. Wiley-Interscience . Jakobsson, M. and Myers, S., Eds. 2006. Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft. Wiley-Interscience."},{"key":"e_1_2_1_43_1","unstructured":"James L. 2005. Phishing Exposed. Syngress Publishing Canada.   James L. 2005. Phishing Exposed. Syngress Publishing Canada."},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the Annual Meeting of the North American Chapter of the International Group for the Psychology of Mathematics Education.","volume":"4","author":"Johnson B. R.","unstructured":"Johnson , B. R. and Koedinger , K. R . 2002. Comparing instructional strategies for integrating conceptual and procedural knowledge . In Proceedings of the Annual Meeting of the North American Chapter of the International Group for the Psychology of Mathematics Education. Vol. 1-- 4 . 969--978. Johnson, B. R. and Koedinger, K. R. 2002. Comparing instructional strategies for integrating conceptual and procedural knowledge. In Proceedings of the Annual Meeting of the North American Chapter of the International Group for the Psychology of Mathematics Education. Vol. 1--4. 969--978."},{"key":"e_1_2_1_45_1","volume-title":"Proceedings of the Interservice\/Industry Training, Simulation, and Education Conference (I\/ITSEC). http:\/\/www.iforces.org\/downloads\/problem-based.pdf.","author":"Kirkley J. R.","unstructured":"Kirkley , J. R. and et al. 2003. Problem-based embedded training: An instructional methodology for embedded training using mixed and virtual reality technologies . In Proceedings of the Interservice\/Industry Training, Simulation, and Education Conference (I\/ITSEC). http:\/\/www.iforces.org\/downloads\/problem-based.pdf. Kirkley, J. R. and et al. 2003. Problem-based embedded training: An instructional methodology for embedded training using mixed and virtual reality technologies. In Proceedings of the Interservice\/Industry Training, Simulation, and Education Conference (I\/ITSEC). http:\/\/www.iforces.org\/downloads\/problem-based.pdf."},{"key":"e_1_2_1_46_1","volume-title":"Proocedings of the Annual Meeting of the Norh American Chapter of the International Group for the Psychology of Mathematics Education 1--4.","author":"Koedinger K. R.","year":"2002","unstructured":"Koedinger , K. R. 2002 . Toward evidence for instruction design principles: Examples from cognitive tutor math 6 . Proocedings of the Annual Meeting of the Norh American Chapter of the International Group for the Psychology of Mathematics Education 1--4. Koedinger, K. R. 2002. Toward evidence for instruction design principles: Examples from cognitive tutor math 6. Proocedings of the Annual Meeting of the Norh American Chapter of the International Group for the Psychology of Mathematics Education 1--4."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1240624.1240760"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299022"},{"key":"e_1_2_1_49_1","volume-title":"Phishing: Cutting the Identity Theft Line","author":"Lininger R.","year":"2005","unstructured":"Lininger , R. and Vines , R. D . 2005 . Phishing: Cutting the Identity Theft Line . IN. John Wiley and Sons . Lininger, R. and Vines, R. D. 2005. Phishing: Cutting the Identity Theft Line. IN. John Wiley and Sons."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.4324\/9781410611147"},{"key":"e_1_2_1_51_1","unstructured":"Mail Frontier. 2006. Mailfrontier phishing IQ test. http:\/\/survey.mailfrontier.com\/survey\/quiztest.html.  Mail Frontier. 2006. Mailfrontier phishing IQ test. http:\/\/survey.mailfrontier.com\/survey\/quiztest.html."},{"key":"e_1_2_1_52_1","unstructured":"Mandl H. and Levin J. R. 1989. Knowledge Acquisition from Text and Pictures. North-Holland.  Mandl H. and Levin J. R. 1989. Knowledge Acquisition from Text and Pictures. North-Holland."},{"key":"e_1_2_1_53_1","volume-title":"Education: Shaping the Future of Learning Through Intelligent Technolgis","author":"Mathan S. A.","year":"2003","unstructured":"Mathan , S. A. and Koedinger , K. R . 2003 . Artificial Intelligence in Education: Shaping the Future of Learning Through Intelligent Technolgis . IOS Press , 13--20. Mathan, S. A. and Koedinger, K. R. 2003. Artificial Intelligence in Education: Shaping the Future of Learning Through Intelligent Technolgis. IOS Press, 13--20."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1207\/s15326985ep4004_7"},{"key":"e_1_2_1_55_1","volume-title":"Multimedia Learning","author":"Mayer R. E.","unstructured":"Mayer , R. E. 2001. Multimedia Learning . Cambridge University Press , Cambidge, UK . Mayer, R. E. 2001. Multimedia Learning. Cambridge University Press, Cambidge, UK."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1037\/0022-0663.84.4.444"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1093\/her\/18.2.156"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.2466\/pms.1997.84.3.784"},{"key":"e_1_2_1_59_1","unstructured":"Microsoft Corporation. 2006. Consumer awareness page on phishing. http:\/\/www.microsoft.com\/athome\/security\/email\/phishing.mspx.  Microsoft Corporation. 2006. Consumer awareness page on phishing. http:\/\/www.microsoft.com\/athome\/security\/email\/phishing.mspx."},{"key":"e_1_2_1_60_1","unstructured":"Miller R. C. and Wu M. 2005. Fighting phishing at the user interface. In L. Cranor and S. Garfinkel Eds. Security and Usability: Designing Secure Systems that People Can Use. O'Reilly.  Miller R. C. and Wu M. 2005. Fighting phishing at the user interface. In L. Cranor and S. Garfinkel Eds. Security and Usability: Designing Secure Systems that People Can Use. O'Reilly."},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1037\/0022-0663.91.2.358"},{"key":"e_1_2_1_62_1","unstructured":"MySecureCyberspace. 2007. Uniform resource locator (URL). http:\/\/www.mysecurecyberspace.com\/encyclopedia\/index\/uniform-resource-locator-url-.html.  MySecureCyberspace. 2007. Uniform resource locator (URL). http:\/\/www.mysecurecyberspace.com\/encyclopedia\/index\/uniform-resource-locator-url-.html."},{"key":"e_1_2_1_63_1","unstructured":"Netcraft. 2006. Netcraf. http:\/\/toolbar.netcraft.com\/.  Netcraft. 2006. Netcraf. http:\/\/toolbar.netcraft.com\/."},{"key":"e_1_2_1_64_1","volume-title":"Gone phishing&ldots;&ldots","author":"New York State Of","unstructured":"New York State Of fice of Cyber Security &amp; Critical Infrastructure Coordination. 2005. Gone phishing&ldots;&ldots ; a briefing on the anti-phishing exercise initiative for New York State government. Aggregate Exercise Results for public release. New York State Office of Cyber Security &amp; Critical Infrastructure Coordination. 2005. Gone phishing&ldots;&ldots; a briefing on the anti-phishing exercise initiative for New York State government. Aggregate Exercise Results for public release."},{"key":"e_1_2_1_65_1","unstructured":"Nielsen J. 2004. User education is not the answer to security problems. http:\/\/www.useit.com\/alertbox\/20041025.html.  Nielsen J. 2004. User education is not the answer to security problems. http:\/\/www.useit.com\/alertbox\/20041025.html."},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/1140124.1140187"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1037\/0033-295X.103.4.734"},{"key":"e_1_2_1_68_1","volume-title":"Encyclopedia of Measurement and Statistics","author":"Salkind N. J.","unstructured":"Salkind , N. J. 2006. Encyclopedia of Measurement and Statistics . Sage Publications . Salkind, N. J. 2006. Encyclopedia of Measurement and Statistics. Sage Publications."},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-9280.1992.tb00029.x"},{"key":"e_1_2_1_70_1","unstructured":"Schneier B. 2000. Semantic attacks: The third wave of network attacks. Crypto-Gram Newsletter. http:\/\/www.schneier.com\/crypto-gram-0010.html#1.  Schneier B. 2000. Semantic attacks: The third wave of network attacks. Crypto-Gram Newsletter. http:\/\/www.schneier.com\/crypto-gram-0010.html#1."},{"key":"e_1_2_1_71_1","doi-asserted-by":"crossref","unstructured":"Schwartz D. L. and Bransford J. D. 1998. A time for telling. Cogn. Instruc. 475--522.  Schwartz D. L. and Bransford J. D. 1998. A time for telling. Cogn. Instruc. 475--522.","DOI":"10.1207\/s1532690xci1604_4"},{"key":"e_1_2_1_72_1","unstructured":"Sender Policy Framework. 2006. Sender Policy Framework. http:\/\/www.openspf.org\/.  Sender Policy Framework. 2006. Sender Policy Framework. http:\/\/www.openspf.org\/."},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280692"},{"key":"e_1_2_1_74_1","volume-title":"Proceedings of the 6th Conference on Email and Anti-Spam.","author":"Sheng S.","unstructured":"Sheng , S. , Wardman , B. , Warner , G. , Cranor , L. , Hong , J. , and Zhang , C . 2009. An empirical analysis of phishing blacklists . Proceedings of the 6th Conference on Email and Anti-Spam. Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., and Zhang, C. 2009. An empirical analysis of phishing blacklists. Proceedings of the 6th Conference on Email and Anti-Spam."},{"key":"e_1_2_1_75_1","unstructured":"Singley M. and Anderson J. R. 1989. The Transfer of Cognitive Skill. Harvard University Press.   Singley M. and Anderson J. R. 1989. The Transfer of Cognitive Skill. Harvard University Press."},{"key":"e_1_2_1_76_1","unstructured":"SpoofGuard. 2006. Spoofguard. http:\/\/crypto.stanford.edu\/SpoofGuard\/.  SpoofGuard. 2006. Spoofguard. http:\/\/crypto.stanford.edu\/SpoofGuard\/."},{"key":"e_1_2_1_77_1","unstructured":"SpoofStick. 2006. Spoofstick. http:\/\/www.spoofstick.com\/.  SpoofStick. 2006. Spoofstick. http:\/\/www.spoofstick.com\/."},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124863"},{"key":"e_1_2_1_80_1","unstructured":"Yahoo. 2007. DomainKeys: Proving and Protecting Email Sender Identity. http:\/\/antispam.yahoo.com\/domainkeys.  Yahoo. 2007. DomainKeys: Proving and Protecting Email Sender Identity. http:\/\/antispam.yahoo.com\/domainkeys."},{"key":"e_1_2_1_81_1","volume-title":"Proceedings of the 11th USENIX Security Symposium. USENIX Association","author":"Ye Z. E.","unstructured":"Ye , Z. E. and Smith , S . 2002. Trusted paths for browsers . In Proceedings of the 11th USENIX Security Symposium. USENIX Association , Berkeley, CA, 263--279. Ye, Z. E. and Smith, S. 2002. Trusted paths for browsers. In Proceedings of the 11th USENIX Security Symposium. USENIX Association, Berkeley, CA, 263--279."},{"key":"e_1_2_1_82_1","volume-title":"Proceedings of the 14th Annual Network and Distributed System Security Symposium. http:\/\/lorrie.cranor.org\/pubs\/ndss-phish-tools-final.pdf.","author":"Zhang Y.","unstructured":"Zhang , Y. , Egelman , S. , Cranor , L. , and Hong , J . 2007. Phinding phish: Evaluating anti-phishing tools . In Proceedings of the 14th Annual Network and Distributed System Security Symposium. http:\/\/lorrie.cranor.org\/pubs\/ndss-phish-tools-final.pdf. Zhang, Y., Egelman, S., Cranor, L., and Hong, J. 2007. Phinding phish: Evaluating anti-phishing tools. In Proceedings of the 14th Annual Network and Distributed System Security Symposium. http:\/\/lorrie.cranor.org\/pubs\/ndss-phish-tools-final.pdf."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1754393.1754396","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1754393.1754396","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T11:22:50Z","timestamp":1750245770000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1754393.1754396"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,5]]},"references-count":81,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2010,5]]}},"alternative-id":["10.1145\/1754393.1754396"],"URL":"https:\/\/doi.org\/10.1145\/1754393.1754396","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,5]]},"assertion":[{"value":"2009-03-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2009-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2010-06-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}