text-only page produced automatically by LIFT Text Transcoder Skip all navigation and go to page contentSkip top navigation and go to directorate navigationSkip top navigation and go to page navigation
National Science Foundation Home National Science Foundation - Computer & Information Science & Engineering (CISE)
Computer & Information Science & Engineering (CISE)
design element
About CISE
Funding Opportunities
Advisory Committee
Career Opportunities
Advisory Committee for Cyberinfrastructure
See Additional CISE Resources
View CISE Staff
CISE Organizations
Advanced Cyberinfrastructure (ACI)
Computing and Communication Foundations (CCF)
Computer and Network Systems (CNS)
Information & Intelligent Systems (IIS)
Proposals and Awards
Proposal and Award Policies and Procedures Guide
Proposal Preparation and Submission
bullet Grant Proposal Guide
  bullet Grants.gov Application Guide
Award and Administration
bullet Award and Administration Guide
Award Conditions
Merit Review
NSF Outreach
Policy Office
Additional CISE Resources
Advisory Committee Meetings
Career Opportunities
Funding Rates
Budget Excerpt
Assistant Director's Presentations and Congressional Testimony
CS Bits & Bytes
CISE Distinguished Lecture Series
Cyberlearning Webinar Series
Data Science Webinar Series
Smart & Connected Health Webinar Series
WATCH Series
CISE Strategic Plan for Broadening Participation
Keith Marzullo on Serving in CISE
Cybersecurity Ideas Lab Report
Other Site Features
Special Reports
Research Overviews
Multimedia Gallery
Classroom Resources
NSF-Wide Investments

Save the dateEmail this pagePrint this page
WATCH - Going Spear Phishing: Exploring Embedded Training & Awareness

WATCH - Deanna Caputo - Feb 20 at noon

February 20, 2014 12:00 PM  to 
February 20, 2014 1:00 PM
NSF Room 110


To explore the effectiveness of embedded training, we conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and to a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing. The results from three trials showed that framing had no significant effect on the likelihood that a participant would click on a subsequent spear phishing email, and that many participants either clicked on all links or none regardless of whether they received training or what kind of training they received. The results suggest that embedded training was ineffective because employees failed to read the training materials. We were therefore unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks. Dr. Caputo will discuss the study results, why users may have feared the training, and what this means for strengthening our human firewalls against advanced spear phishing attacks


Deanna D. Caputo received her Ph.D. in Social and Personality Psychology from Cornell University, with specialization in Judgment and Decision-making and Psychology and Law. She currently works in the Washington D.C area for the MITRE Corporation as a Principal Behavioral Psychologist supporting the United States law enforcement and intelligence communities, and previously worked for the US Department of Defense as a senior human factors intelligence analyst. Dr. Caputo has almost 20 years experience in designing, conducting, and analyzing experimental research with human participants, using both quantitative and qualitative analyses. She is also proficient in profiling human decision-making behavior and conducting social network analyses. Her main area of research and operational consultation is human behavior and cyber security, particularly insider threat. Dr. Caputo has multiple psychological articles published in peer-reviewed journals, authored a book chapter, and her most recent publications are "Going Spear phishing: Exploring Embedded Training and Awareness," IEE Security & Privacy, (In Press); "Leveraging Behavioral Science to Mitigate Cyber Security Risk, Computers and Security, May 2012; and "Detecting the Theft of Trade Secrets by Insiders: A Summary of MITRE Insider Threat Research," IEEE Security & Privacy, Nov/Dec 2009.

To Join the Webinar:

The Webinar will be held from 12:00-1:00pm EDT on February 20, 2014 in Room 110.

To attend virtually, please register at: http://www.tvworldwide.com/events/nsf/140220/

This event is part of Webinars/Webcasts.

Meeting Type

Keith Marzullo, (703) 292-8950, kmarzull@nsf.gov

NSF Related Organizations
Directorate for Computer & Information Science & Engineering


Save the dateEmail this pagePrint this page
Back to Top of page