{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T14:05:21Z","timestamp":1777903521451,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":63,"publisher":"ACM","funder":[{"name":"European Union","award":["ROF-SG20-3066-3-2-2"],"award-info":[{"award-number":["ROF-SG20-3066-3-2-2"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,4,13]]},"DOI":"10.1145\/3772318.3791490","type":"proceedings-article","created":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T06:44:11Z","timestamp":1776062651000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Lending a Hand: The Effectiveness of Support Systems in Assisting Users to Detect Phishing Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-5128-0257","authenticated-orcid":false,"given":"Katharina","family":"Schiller","sequence":"first","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9742-6080","authenticated-orcid":false,"given":"J\u00f6rg","family":"Scheidt","sequence":"additional","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6642-6904","authenticated-orcid":false,"given":"Florian","family":"Adamsky","sequence":"additional","affiliation":[{"name":"Hof University of Applied Sciences, Hof, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-7158-0219","authenticated-orcid":false,"given":"Zinaida","family":"Benenson","sequence":"additional","affiliation":[{"name":"IT Security Infrastructures Lab, Friedrich-Alexander-Universit\u00e4t Erlangen-N\u00fcrnberg, Erlangen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2026,4,13]]},"reference":[{"key":"e_1_3_3_2_2_2","unstructured":"2025. Identity-Centric Threats: The New Reality. https:\/\/esentire-dot-com-assets.s3.amazonaws.com\/assets\/resourcefiles\/eSentire_Report_Identity-Centric-Threats.pdf"},{"key":"e_1_3_3_2_3_2","volume-title":"Fake \"Security Alert\" Issues on GitHub Use OAuth App to Hijack Accounts","author":"Abrams Lawrence","year":"2025","unstructured":"Lawrence Abrams. 2025. Fake \"Security Alert\" Issues on GitHub Use OAuth App to Hijack Accounts. https:\/\/www.bleepingcomputer.com\/news\/security\/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts\/"},{"key":"e_1_3_3_2_4_2","volume-title":"USENIX Security Symposium","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne\u00a0Porter Felt. 2013. Alice in warningland: a large-scale field study of browser security warning effectiveness. In USENIX Security Symposium."},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376168"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445574"},{"key":"e_1_3_3_2_7_2","first-page":"1","volume-title":"Symposium on Digital Behaviour Intervention for Cyber Security","author":"Althobaiti Kholoud","year":"2018","unstructured":"Kholoud Althobaiti, Kami Vaniea, and Serena Zheng. 2018. Faheem: Explaining URLs to people using a Slack bot. In Symposium on Digital Behaviour Intervention for Cyber Security. 1\u20138."},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-46540-7_10"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70278-0_39"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/2501604.2501610"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","unstructured":"Robert\u00a0L. Brennan and Dale\u00a0J. Prediger. 1981. Coefficient Kappa: Some Uses Misuses and Alternatives. Educational and Psychological Measurement 41 3 (1981) 687\u2013699. 10.1177\/001316448104100307","DOI":"10.1177\/001316448104100307"},{"key":"e_1_3_3_2_12_2","volume-title":"USENIX Security Symposium","author":"Brunken Lina","year":"2023","unstructured":"Lina Brunken, Annalina Buckmann, Jonas Hielscher, and M.\u00a0Angela Sasse. 2023. \"To Do This Properly, You Need More Resources\": The Hidden Costs of Introducing Simulated Phishing Campaigns. In USENIX Security Symposium."},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18500-2_8"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"crossref","unstructured":"Deanna\u00a0D Caputo Shari\u00a0Lawrence Pfleeger Jesse\u00a0D Freeman and M\u00a0Eric Johnson. 2013. Going spear phishing: Exploring embedded training and awareness. IEEE Security & Privacy 12 1 (2013) 28\u201338.","DOI":"10.1109\/MSP.2013.106"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258485"},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","unstructured":"Xiaowei Chen Margault Sacr\u00e9 Gabriele Lenzini Samuel Greiff Verena Distler and Anastasia Sergeeva. 2024. The Effects of Group Discussion and Role-playing Training on Self-efficacy Support-seeking and Reporting Phishing Emails: Evidence from a Mixed-design Experiment. (Feb. 2024). 10.1145\/3613904.3641943arXiv:https:\/\/arXiv.org\/abs\/2402.11862 [cs].","DOI":"10.1145\/3613904.3641943"},{"key":"e_1_3_3_2_17_2","volume-title":"SOUPS","author":"Conway Dan","year":"2017","unstructured":"Dan Conway, Ronnie Taib, Mitch Harris, Kun Yu, Shlomo Berkovsky, and Fang Chen. 2017. A Qualitative Investigation of Bank Employee Experiences of Information Security and Phishing. In SOUPS. Santa Clara, CA. https:\/\/www.usenix.org\/conference\/soups2017\/technical-sessions\/presentation\/conway"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","unstructured":"Ronald\u00a0C. Dodge Curtis Carver and Aaron\u00a0J. Ferguson. 2007. Phishing for user security awareness. Computers & Security 26 1 (Feb. 2007) 73\u201380. 10.1016\/j.cose.2006.10.009","DOI":"10.1016\/j.cose.2006.10.009"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","unstructured":"William\u00a0J. Gordon Adam Wright Ranjit Aiyagari Leslie Corbo Robert\u00a0J. Glynn Jigar Kadakia Jack Kufahl Christina Mazzone James Noga Mark Parkulo Brad Sanford Paul Scheib and Adam\u00a0B. Landman. 2019. Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions. JAMA Network Open 2 3 (2019) e190393. 10.1001\/jamanetworkopen.2019.0393","DOI":"10.1001\/jamanetworkopen.2019.0393"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","unstructured":"Kristen Greene Michelle Steves and Mary Theofanos. 2018. No Phishing beyond This Point. Computer 51 6 (June 2018). 10.1109\/MC.2018.2701632","DOI":"10.1109\/MC.2018.2701632"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2018.23016"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","unstructured":"Frank\u00a0L. Greitzer Wanru Li Kathryn\u00a0B. Laskey James Lee and Justin Purl. 2021. Experimental Investigation of Technical and Human Factors Related to Phishing Susceptibility. ACM Transactions on Social Computing 4 2 (June 2021) 1\u201348. 10.1145\/3461672","DOI":"10.1145\/3461672"},{"key":"e_1_3_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2015.670"},{"key":"e_1_3_3_2_25_2","volume-title":"SOUPS","author":"Hasegawa Ayako\u00a0A.","year":"2021","unstructured":"Ayako\u00a0A. Hasegawa, Naomi Yamashita, Mitsuaki Akiyama, and Tatsuya Mori. 2021. Why They Ignore English Emails: The Challenges of Non-Native Speakers in Identifying Phishing Emails. In SOUPS. https:\/\/www.usenix.org\/conference\/soups2021\/presentation\/hasegawa"},{"key":"e_1_3_3_2_26_2","doi-asserted-by":"publisher","unstructured":"Doron Hillman Yaniv Harel and Eran Toch. 2023. Evaluating organizational phishing awareness training on an enterprise scale. Computers & Security 132 (Sept. 2023) 103364. 10.1016\/j.cose.2023.103364","DOI":"10.1016\/j.cose.2023.103364"},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00076"},{"key":"e_1_3_3_2_28_2","volume-title":"Nearly Half a Billion Emails to Businesses Contain Malicious Content, Hornetsecurity Report Finds","year":"2024","unstructured":"Hornetsecurity. 2024. Nearly Half a Billion Emails to Businesses Contain Malicious Content, Hornetsecurity Report Finds. Hornetsecurity \u2013 Next-Gen Microsoft 365 Security. https:\/\/www.hornetsecurity.com\/en\/blog\/cyber-security-report-2025-press-release\/"},{"key":"e_1_3_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev.2018.00020"},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"publisher","unstructured":"K. Jansson and R.\u00a0V. Solms. 2013. Phishing for Phishing Awareness. Behaviour & Information Technology 32 6 (2013). 10.1080\/0144929X.2011.632650","DOI":"10.1080\/0144929X.2011.632650"},{"key":"e_1_3_3_2_31_2","volume-title":"2025 Phishing Statistics: (Updated August 2025) - Keepnet","author":"Labs Keepnet","unstructured":"Keepnet Labs. [n. d.]. 2025 Phishing Statistics: (Updated August 2025) - Keepnet. Keepnet Labs Blog. https:\/\/keepnetlabs.com\/blog\/top-phishing-statistics-and-trends-you-must-know"},{"key":"e_1_3_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/CRISIS.2012.6378951"},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/1240624.1240760"},{"key":"e_1_3_3_2_34_2","doi-asserted-by":"crossref","unstructured":"Ponnurangam Kumaraguru Steve Sheng Alessandro Acquisti Lorrie\u00a0Faith Cranor and Jason\u00a0I. Hong. 2010. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology 10 (2010) 1\u201331.","DOI":"10.1145\/1754393.1754396"},{"key":"e_1_3_3_2_35_2","doi-asserted-by":"publisher","unstructured":"Daniele Lain Kari Kostiainen and Srdjan \u010capkun. 2022. Phishing in Organizations: Findings from a Large-Scale and Long-Term Study. 10.1109\/SP46214.2022.9833766","DOI":"10.1109\/SP46214.2022.9833766"},{"key":"e_1_3_3_2_36_2","volume-title":"USENIX Security Symposium","author":"Lain Daniele","year":"2025","unstructured":"Daniele Lain, Yoshimichi Nakatsuka, Kari Kostiainen, Gene Tsudik, and Srdjan Capkun. 2025. URL inspection tasks: helping users detect phishing links in emails. In USENIX Security Symposium."},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"crossref","unstructured":"Sourena Maroofi Maciej Korczy\u0144ski Arnold H\u00f6lzel and Andrzej Duda. 2021. Adoption of email anti-spoofing schemes: a large scale analysis. IEEE Transactions on Network and Service Management 18 3 (2021) 3184\u20133196.","DOI":"10.1109\/TNSM.2021.3065422"},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/SECON.2018.8479109"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300748"},{"key":"e_1_3_3_2_40_2","volume-title":"SOUPS","author":"Reinheimer Benjamin","year":"2020","unstructured":"Benjamin Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Duezguen, Bettina Lofthouse, Tatiana von Landesberger, and Melanie Volkamer. 2020. An investigation of phishing awareness and education over time: When and how to best remind users. In SOUPS. https:\/\/www.usenix.org\/conference\/soups2020\/presentation\/reinheimer"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376298"},{"key":"e_1_3_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/1140124.1140187"},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690212"},{"key":"e_1_3_3_2_44_2","unstructured":"Martin Schrepp. 2023. User Experience Questionnaire Handbook (Version 11). https:\/\/www.ueq-online.org\/Material\/Handbook.pdf"},{"key":"e_1_3_3_2_45_2","volume-title":"UEQ - User Experience Questionnaire","author":"Schrepp Martin","year":"2018","unstructured":"Martin Schrepp. 2018. UEQ - User Experience Questionnaire. https:\/\/www.ueq-online.org\/"},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"publisher","unstructured":"Martin Schrepp Andreas Hinderks and J\u00f6rg Thomaschewski. 2017. Design and Evaluation of a Short Version of the User Experience Questionnaire (UEQ-S). 4 6 (2017) 103. 10.9781\/ijimai.2017.09.001","DOI":"10.9781\/ijimai.2017.09.001"},{"key":"e_1_3_3_2_47_2","doi-asserted-by":"publisher","unstructured":"Jasmin Schwab Alexander Nu\u00dfbaum Anastasia Sergeeva Florian Alt and Verena Distler. 2024. What Makes Phishing Simulation Campaigns (Un)Acceptable? A Vignette Experiment on the Acceptance and Manipulation Intention Related to Phishing Simulation Campaigns. 4737715 (Feb. 2024). 10.2139\/ssrn.4737715","DOI":"10.2139\/ssrn.4737715"},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1145\/1280680.1280692"},{"key":"e_1_3_3_2_49_2","volume-title":"USENIX Workshop on CSET","author":"Siadati Hossein","year":"2017","unstructured":"Hossein Siadati, Sean Palka, Avi Siegel, and Damon McCoy. 2017. Measuring the Effectiveness of Embedded Phishing Exercises. In USENIX Workshop on CSET. USENIX Association. https:\/\/www.usenix.org\/conference\/cset17\/workshop-program\/presentation\/siadatii"},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"publisher","unstructured":"Michelle Steves Kristen Greene and Mary Theofanos. 2020. Categorizing human phishing difficulty: a Phish Scale. Journal of Cybersecurity 6 1 (09 2020). 10.1093\/cybsec\/tyaa009tyaa009.","DOI":"10.1093\/cybsec\/tyaa009"},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-33630-5_10"},{"key":"e_1_3_3_2_52_2","volume-title":"USENIX Security Symposium","author":"Sunshine Joshua","year":"2009","unstructured":"Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie\u00a0Faith Cranor. 2009. Crying Wolf: An Empirical Study of SSL Warning Effectiveness. In USENIX Security Symposium."},{"key":"e_1_3_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3765164"},{"key":"e_1_3_3_2_54_2","volume-title":"Hackers Now Use \u2018Sock Puppets\u2019 for More Realistic Phishing Attacks","author":"Toulas Bill","year":"2022","unstructured":"Bill Toulas. 2022. Hackers Now Use \u2018Sock Puppets\u2019 for More Realistic Phishing Attacks. BleepingComputer. https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks\/"},{"key":"e_1_3_3_2_55_2","doi-asserted-by":"publisher","unstructured":"Kai\u00a0Florian Tschakert and Sudsanguan Ngamsuriyaroj. 2019. Effectiveness of and user preferences for security awareness training methodologies. Heliyon 5 6 (June 2019) e02010. 10.1016\/j.heliyon.2019.e02010","DOI":"10.1016\/j.heliyon.2019.e02010"},{"key":"e_1_3_3_2_56_2","doi-asserted-by":"publisher","unstructured":"Melanie Volkamer Karen Renaud Benjamin Reinheimer and Alexandra Kunz. 2017. User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn. Computers & Security 71 (2017) 100\u2013113. 10.1016\/j.cose.2017.02.004","DOI":"10.1016\/j.cose.2017.02.004"},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"publisher","unstructured":"Melanie Volkamer Martina\u00a0Angela Sasse and Franziska Boehm. 2020. Analysing Simulated Phishing Campaigns for Staff. 312\u2013328. 10.1007\/978-3-030-66504-3_19","DOI":"10.1007\/978-3-030-66504-3_19"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3173574.3174066"},{"key":"e_1_3_3_2_59_2","volume-title":"SOUPS","author":"Wash Rick","year":"2021","unstructured":"Rick Wash, Norbert Nthala, and Emilee Rader. 2021. Knowledge and Capabilities that Non-Expert Users Bring to Phishing Detection. In SOUPS. USENIX Association. https:\/\/www.usenix.org\/conference\/soups2021\/presentation\/wash"},{"key":"e_1_3_3_2_60_2","doi-asserted-by":"publisher","unstructured":"Patrickson Weanquoi J. Johnson and Jinghua Zhang. 2018. Using a Game to Improve Phishing Awareness. Journal of Cybersecurity Education Research and Practice 2018 2 (2018). 10.62915\/2472-2707.1040","DOI":"10.62915\/2472-2707.1040"},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300338"},{"key":"e_1_3_3_2_62_2","doi-asserted-by":"publisher","unstructured":"Emma\u00a0J. Williams Joanne Hinds and Adam\u00a0N. Joinson. 2018. Exploring susceptibility to phishing in the workplace. International Journal of Human-Computer Studies 120 (2018) 1\u201313. 10.1016\/j.ijhcs.2018.06.004","DOI":"10.1016\/j.ijhcs.2018.06.004"},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"publisher","unstructured":"William Yeoh He Huang Wang-Sheng Lee Fadi\u00a0Al Jafari and Rachel Mansson. 2022. Simulated Phishing Attack and Embedded Training Campaign. Journal of Computer Information Systems 62 4 (2022) 802\u2013821. 10.1080\/08874417.2021.1919941","DOI":"10.1080\/08874417.2021.1919941"},{"key":"e_1_3_3_2_64_2","volume-title":"SOUPS","author":"Zheng Sarah\u00a0Y.","year":"2023","unstructured":"Sarah\u00a0Y. Zheng and Ingolf Becker. 2023. Checking, nudging or scoring? Evaluating e-mail user security tools. In SOUPS. https:\/\/www.usenix.org\/conference\/soups2023\/presentation\/zheng"}],"event":{"name":"CHI 2026: CHI Conference on Human Factors in Computing Systems","location":"Barcelona Spain","acronym":"CHI '26","sponsor":["SIGCHI ACM Special Interest Group on Computer-Human Interaction"]},"container-title":["Proceedings of the 2026 CHI Conference on Human Factors in Computing Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3772318.3791490","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T07:22:24Z","timestamp":1776064944000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3772318.3791490"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,13]]},"references-count":63,"alternative-id":["10.1145\/3772318.3791490","10.1145\/3772318"],"URL":"https:\/\/doi.org\/10.1145\/3772318.3791490","relation":{},"subject":[],"published":{"date-parts":[[2026,4,13]]},"assertion":[{"value":"2026-04-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}