{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T16:31:53Z","timestamp":1776097913057,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":45,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Union","award":["ROF-SG20-3066-3-2-2"],"award-info":[{"award-number":["ROF-SG20-3066-3-2-2"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690212","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"4167-4181","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Employees' Attitudes towards Phishing Simulations: \"It's like when a child reaches onto the hot hob\""],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-5128-0257","authenticated-orcid":false,"given":"Katharina","family":"Schiller","sequence":"first","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6642-6904","authenticated-orcid":false,"given":"Florian","family":"Adamsky","sequence":"additional","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1077-7537","authenticated-orcid":false,"given":"Christian","family":"Eichenm\u00fcller","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-9405-2335","authenticated-orcid":false,"given":"Matthias","family":"Reimert","sequence":"additional","affiliation":[{"name":"Independent Researcher, Munich, Bavaria, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7158-0219","authenticated-orcid":false,"given":"Zinaida","family":"Benenson","sequence":"additional","affiliation":[{"name":"Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg (FAU), Erlangen, Bavaria, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Anti-Phishing Working Group (APWG). 2023. Phishing Activity Trends Report. Technical Report. Anti Phishing Working Group (APWG). https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q4_2023.pdf"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--70278-0_39"},{"key":"e_1_3_2_1_3_1","volume-title":"You Need More Resources\": The Hidden Costs of Introducing Simulated Phishing Campaigns. In 32textsuperscriptnd USENIX Security Symposium","author":"Brunken Lina","unstructured":"Lina Brunken, Annalina Buckmann, Jonas Hielscher, and M. Angela Sasse. 2023. \"To Do This Properly, You Need More Resources\": The Hidden Costs of Introducing Simulated Phishing Campaigns. In 32textsuperscriptnd USENIX Security Symposium. Anaheim, CA, 4105--4122."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-031--48057--7_20"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.106"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258485"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3641943"},{"key":"e_1_3_2_1_8_1","volume-title":"Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017","author":"Conway Dan","year":"2017","unstructured":"Dan Conway, Ronnie Taib, Mitch Harris, Kun Yu, Shlomo Berkovsky, and Fang Chen. 2017. A Qualitative Investigation of Bank Employee Experiences of Information Security and Phishing. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, Santa Clara, CA, 115--129. https:\/\/www.usenix.org\/conference\/soups2017\/technical-sessions\/presentation\/conway"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544548.3581170"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.10.009"},{"key":"e_1_3_2_1_11_1","volume-title":"ENISA Threat Landscape 2023","author":"European Union Agency for Cybersecurity. 2023.","year":"2022","unstructured":"European Union Agency for Cybersecurity. 2023. ENISA Threat Landscape 2023: July 2022 to June 2023. Technical Report. Publications Office. https:\/\/data.europa.eu\/doi\/10.2824\/782573"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1001\/jamanetworkopen.2019.0393"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2018.23016"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3461672"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103364"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2018.00020"},{"key":"e_1_3_2_1_17_1","volume-title":"A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In 30textsuperscriptth USENIX Security Symposium (USENIX Security 21)","author":"Huaman Nicolas","unstructured":"Nicolas Huaman, Bennet von Skarczinski, Christian Stransky, Dominik Wermke, Yasemin Acar, Arne Drei\u00dfigacker, and Sascha Fahl. 2021. A Large-Scale Interview Study on Information Security in and Attacks against Small and Medium-sized Enterprises. In 30textsuperscriptth USENIX Security Symposium (USENIX Security 21). USENIX Association, 1235--1252. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/huaman"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1080\/0144929X.2011.632650"},{"key":"e_1_3_2_1_19_1","unstructured":"knowbe4. [n. d.]. Security Awareness Training | KnowBe4. https:\/\/www.knowbe4.com\/"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572536"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1240624.1240760"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1299015.1299022"},{"key":"e_1_3_2_1_23_1","volume-title":"ACM Transactions on Internet Technology","volume":"10","author":"Kumaraguru Ponnurangam","year":"2010","unstructured":"Ponnurangam Kumaraguru, Steve Sheng, Alessandro Acquisti, Lorrie Faith Cranor, and Jason I. Hong. 2010-05. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology, Vol. 10 (2010-05), 1--31."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","unstructured":"Daniele Lain Kari Kostiainen and Srdjan Capkun. 2022. Phishing in Organizations: Findings from a Large-Scale and Long-Term Study. 842--859. https:\/\/doi.org\/10.1109\/SP46214.2022.9833766","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2018.8479109"},{"key":"e_1_3_2_1_26_1","unstructured":"Aimee Picchi. 2020. Tribune workers got an email dangling a bonus ? but it was a hoax from their employer - CBS News. https:\/\/www.cbsnews.com\/news\/tribune-bonus-email-hoax-cybersecurity-test\/"},{"key":"e_1_3_2_1_27_1","unstructured":"Proofpoint. 2020. Assess - Phishing Simulations Tests & Training textbar Proofpoint US. https:\/\/www.proofpoint.com\/us\/products\/security-awareness-training\/phishing-simulations"},{"key":"e_1_3_2_1_28_1","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020","author":"Reinheimer Benjamin","year":"2020","unstructured":"Benjamin Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana von Landesberger, and Melanie Volkamer. 2020. An investigation of phishing awareness and education over time: When and how to best remind users. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 259--284. https:\/\/www.usenix.org\/conference\/soups2020\/presentation\/reinheimer"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1140124.1140187"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690212"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.4737715"},{"key":"e_1_3_2_1_32_1","unstructured":"Terranova Security. 2024. Phishing Simulation. https:\/\/terranovasecurity.com\/phishing-simulation\/"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280692"},{"key":"e_1_3_2_1_34_1","volume-title":"Measuring the Effectiveness of Embedded Phishing Exercises. In 10textsuperscriptth USENIX Workshop on Cyber Security Experimentation and Test (CSET 17)","author":"Siadati Hossein","unstructured":"Hossein Siadati, Sean Palka, Avi Siegel, and Damon McCoy. 2017. Measuring the Effectiveness of Embedded Phishing Exercises. In 10textsuperscriptth USENIX Workshop on Cyber Security Experimentation and Test (CSET 17). USENIX Association, Vancouver, BC. https:\/\/www.usenix.org\/conference\/cset17\/workshop-program\/presentation\/siadatii"},{"key":"e_1_3_2_1_35_1","unstructured":"SoSafe. 2022. Drive secure behavior at scale. https:\/\/sosafe-awareness.com\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyaa009"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 31textsuperscriptst International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2016).","author":"Stockhardt Simon","unstructured":"Simon Stockhardt, Benjamin Reinheimer, M. Volkamer, P. Mayer, Alexandra Kunz, P. Rack, and D. Lehmann. 2016. Teaching Phishing-Security: Which Way is Best?. In Proceedings of the 31textsuperscriptst International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2016)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.heliyon.2019.e02010"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--66504--3_19"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174066"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.62915\/2472-2707.1040"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300338"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2018.06.004"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1080\/08874417.2021.1919941"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2024.23024"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690212","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690212","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:12:25Z","timestamp":1755843145000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690212"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":45,"alternative-id":["10.1145\/3658644.3690212","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690212","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}