[The evaluation of three kinds of training to mitigate phishing attacks]
I am Xiaomeng Zhang, a Cyber Security Risk Management student at the University of Southampton. I am requesting your participation in a study regarding learning to spot phishing attacks. The study should last approximately 15 minutes. You will be asked to fill out a short questionnaire. Personal information will not be released or viewed by anyone other than researchers involved in this project. A debriefing statement will be given to you upon completion of the study.
Any information you give will be kept completely confidential and in no cases will responses from individual participants be identified. As with any piece of research it is important to consider whether there are any risks to participants. The study involves minimal risk to participants (i.e., the level of risk encountered in daily life). There may be no direct benefit to you other than the sense of helping the public at large and contributing to knowledge.
All responses are treated as confidential, and in no case will responses from individual participants be identified. Rather, all data will be pooled and published in aggregate form only. Participants should be aware, however, that the experiment is not being run from a 'secure' https server of the kind typically used to handle credit card transactions, so there is a small possibility that responses could be viewed by unauthorized third parties (e.g., computer hackers). However, the data would appear only as a string of numbers, so your responses will remain totally anonymous.
Visitors to this website are welcome to complete the study, although they will receive no credit or monetary compensation. Participation is voluntary, refusal to take part in the study involves no penalty or loss of benefits to which participants are otherwise entitled, and participants may withdraw from the study at any time without penalty or loss of benefits to which they are otherwise entitled.
If participants have further questions about this study, they may contact the principal investigator, Xiaomeng Zhang at (xz1m17@soton.ac.uk).
If participants have further questions about their rights or if they wish to lodge a complaint or concern, they may contact Head of Research Governance, Research Governance Office, University of Southampton, Southampton, SO17 1BJ. (Phone: 02380 595058, Email: rgoinfo@soton.ac.uk)
In this survey you will do:
1) a pre-test of your ability to identify phishing emails,
2) see some helpful advice about how to identify them,
3) answer three simple questions about how you liked the advice, and
4) do a final test of your ability to spot phishing emails.