Ethical Implications and Consequences of Phishing Studies in Organizations - An Empirical Perspective

  • Marc Busch (Speaker)
  • Yung Shin Van der Sype (Author)
  • Michaela Reisinger (Author)
  • Peter Fröhlich (Author)
  • Christina Hochleitner (Author)
  • Tscheligi, M. (Author)

Activity: Talk or presentation / Lecture; Presentation at a scientific conference / workshop

Description

With employees still being the weakest link in organizational information security, phishing studies are becoming increasingly important and are more frequently employed as a research method. Ensuring the validity of results often calls for the use of deception in phishing research. Yet, deception as a research practice has severe ethical implications: researchers and practitioners have to account for possible emotional harm and distress of participants. Unfortunately, empirical data to estimate this potential harm and distress is still rare. In an ongoing study, we are collecting quantitative and qualitative data on emotional and social effects on employees participating in an organizational phishing study. From this data, we will derive guidelines to estimate possible negative effects and suggest interventions for remediation.
Period: 7 May 2016 to 12 May 2016
Event title: CHI 2016 - Conference on Human Factors in Computing Systems
Event type: Other
Degree of Recognition: International

Research Field

  • Former Research Field - Technology Experience