{"id":"https://openalex.org/W4416548921","doi":"https://doi.org/10.1145/3719027.3765164","title":"Phishing Susceptibility and the (In-)Effectiveness of Common Anti-Phishing Interventions in a Large University Hospital","display_name":"Phishing Susceptibility and the (In-)Effectiveness of Common Anti-Phishing Interventions in a Large University Hospital","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416548921","doi":"https://doi.org/10.1145/3719027.3765164"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3765164","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765164","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765164","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765164","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011659062","display_name":"Jan Tolsdorf","orcid":"https://orcid.org/0000-0002-1961-100X"},"institutions":[{"id":"https://openalex.org/I193531525","display_name":"George Washington University","ror":"https://ror.org/00y4zzh67","country_code":"US","type":"education","lineage":["https://openalex.org/I193531525"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jan Tolsdorf","raw_affiliation_strings":["The George Washington University, Washington, D.C., USA"],"affiliations":[{"raw_affiliation_string":"The George Washington University, Washington, D.C., USA","institution_ids":["https://openalex.org/I193531525"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006761866","display_name":"David Langer","orcid":"https://orcid.org/0000-0003-0644-4799"},"institutions":[{"id":"https://openalex.org/I155417937","display_name":"Hochschule Bonn-Rhein-Sieg","ror":"https://ror.org/04m2anh63","country_code":"DE","type":"education","lineage":["https://openalex.org/I155417937"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"David Langer","raw_affiliation_strings":["H-BRS University of Applied Sciences, Sankt Augustin, Germany"],"affiliations":[{"raw_affiliation_string":"H-BRS University of Applied Sciences, Sankt Augustin, Germany","institution_ids":["https://openalex.org/I155417937"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037591969","display_name":"Luigi Lo Iacono","orcid":"https://orcid.org/0000-0002-7863-0622"},"institutions":[{"id":"https://openalex.org/I200763008","display_name":"Justus-Liebig-Universit\u00e4t Gie\u00dfen","ror":"https://ror.org/033eqas34","country_code":"DE","type":"education","lineage":["https://openalex.org/I200763008"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Luigi Lo Iacono","raw_affiliation_strings":["Justus Liebig University Giessen, Giessen, Germany"],"affiliations":[{"raw_affiliation_string":"Justus Liebig University Giessen, Giessen, Germany","institution_ids":["https://openalex.org/I200763008"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5011659062"],"corresponding_institution_ids":["https://openalex.org/I193531525"],"apc_list":null,"apc_paid":null,"fwci":3.0272,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.94005152,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"4334","last_page":"4348"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9506999850273132,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9506999850273132,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12519","display_name":"Cybercrime and Law Enforcement Studies","score":0.005900000222027302,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.004900000058114529,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.8585000038146973},{"id":"https://openalex.org/keywords/psychological-intervention","display_name":"Psychological intervention","score":0.7638000249862671},{"id":"https://openalex.org/keywords/workforce","display_name":"Workforce","score":0.5178999900817871},{"id":"https://openalex.org/keywords/health-care","display_name":"Health care","score":0.4401000142097473},{"id":"https://openalex.org/keywords/intervention","display_name":"Intervention (counseling)","score":0.41819998621940613},{"id":"https://openalex.org/keywords/german","display_name":"German","score":0.34540000557899475},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.3361999988555908}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.8585000038146973},{"id":"https://openalex.org/C27415008","wikidata":"https://www.wikidata.org/wiki/Q7256382","display_name":"Psychological intervention","level":2,"score":0.7638000249862671},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.5691999793052673},{"id":"https://openalex.org/C2778139618","wikidata":"https://www.wikidata.org/wiki/Q13440398","display_name":"Workforce","level":2,"score":0.5178999900817871},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.4490000009536743},{"id":"https://openalex.org/C160735492","wikidata":"https://www.wikidata.org/wiki/Q31207","display_name":"Health care","level":2,"score":0.4401000142097473},{"id":"https://openalex.org/C2780665704","wikidata":"https://www.wikidata.org/wiki/Q959298","display_name":"Intervention (counseling)","level":2,"score":0.41819998621940613},{"id":"https://openalex.org/C154775046","wikidata":"https://www.wikidata.org/wiki/Q188","display_name":"German","level":2,"score":0.34540000557899475},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.3361999988555908},{"id":"https://openalex.org/C545542383","wikidata":"https://www.wikidata.org/wiki/Q2751242","display_name":"Medical emergency","level":1,"score":0.33180001378059387},{"id":"https://openalex.org/C2776035688","wikidata":"https://www.wikidata.org/wiki/Q1606558","display_name":"Affect (linguistics)","level":2,"score":0.3179999887943268},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.31349998712539673},{"id":"https://openalex.org/C2779328685","wikidata":"https://www.wikidata.org/wiki/Q1475557","display_name":"Patient safety","level":3,"score":0.29330000281333923},{"id":"https://openalex.org/C3017595490","wikidata":"https://www.wikidata.org/wiki/Q17006263","display_name":"University hospital","level":2,"score":0.29319998621940613},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2897999882698059},{"id":"https://openalex.org/C159110408","wikidata":"https://www.wikidata.org/wiki/Q121176","display_name":"Nursing","level":1,"score":0.2856000065803528},{"id":"https://openalex.org/C2779473830","wikidata":"https://www.wikidata.org/wiki/Q1540899","display_name":"MEDLINE","level":2,"score":0.27950000762939453},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.2754000127315521},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.27459999918937683},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.2736000120639801},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.2700999975204468},{"id":"https://openalex.org/C512399662","wikidata":"https://www.wikidata.org/wiki/Q3505712","display_name":"Family medicine","level":1,"score":0.26739999651908875}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3719027.3765164","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765164","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765164","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:pub.h-brs.de:9349","is_oa":true,"landing_page_url":"https://pub.h-brs.de/frontdoor/index/index/docId/9349","pdf_url":null,"source":{"id":"https://openalex.org/S4306400385","display_name":"Publication Server of Bonn-Rhein-Sieg University of Applied Sciences (Bonn-Rhein-Sieg University of Applied Sciences)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I135140700","host_organization_name":"University of Bonn","host_organization_lineage":["https://openalex.org/I135140700"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Huang, Chen et al. (Eds.): Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, CCS '25, Taipei, Taiwan, October 13-17, 2025","raw_type":"publishedVersion"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765164","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765164","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765164","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321721","display_name":"Bundesministerium f\u00fcr Gesundheit","ror":"https://ror.org/05vp4ka74"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416548921.pdf","grobid_xml":"https://content.openalex.org/works/W4416548921.grobid-xml"},"referenced_works_count":49,"referenced_works":["https://openalex.org/W1980694603","https://openalex.org/W2002964284","https://openalex.org/W2006901874","https://openalex.org/W2045591401","https://openalex.org/W2074739635","https://openalex.org/W2099889974","https://openalex.org/W2100060804","https://openalex.org/W2142287040","https://openalex.org/W2290364176","https://openalex.org/W2510191132","https://openalex.org/W2532005295","https://openalex.org/W2586631747","https://openalex.org/W2599060790","https://openalex.org/W2611753819","https://openalex.org/W2788456181","https://openalex.org/W2794598542","https://openalex.org/W2883464778","https://openalex.org/W2905450671","https://openalex.org/W2920948679","https://openalex.org/W2922409314","https://openalex.org/W2942101457","https://openalex.org/W2948021903","https://openalex.org/W2948210035","https://openalex.org/W2976990364","https://openalex.org/W2988892516","https://openalex.org/W3008986420","https://openalex.org/W3012440729","https://openalex.org/W3029902578","https://openalex.org/W3047864016","https://openalex.org/W3080706485","https://openalex.org/W3085353310","https://openalex.org/W3136984547","https://openalex.org/W3203517180","https://openalex.org/W4213379419","https://openalex.org/W4220967768","https://openalex.org/W4288057710","https://openalex.org/W4288076474","https://openalex.org/W4292994367","https://openalex.org/W4296079524","https://openalex.org/W4302441632","https://openalex.org/W4311134468","https://openalex.org/W4388543382","https://openalex.org/W4391293993","https://openalex.org/W4392730060","https://openalex.org/W4399266464","https://openalex.org/W4402954709","https://openalex.org/W4404880964","https://openalex.org/W4405181290","https://openalex.org/W4413177878"],"related_works":[],"abstract_inverted_index":{"Phishing":[0],"attacks":[1],"via":[2],"email":[3,46,82,94,188],"remain":[4],"a":[5,71,76,129,136],"major":[6],"entry":[7],"point":[8],"for":[9,30,141,219],"security":[10],"and":[11,27,65,100,104,156,166,180,205,224],"privacy":[12],"breaches":[13],"in":[14,44,222],"hospitals.":[15],"In":[16,175],"the":[17,55,181,208],"European":[18],"Union,":[19],"faced":[20],"with":[21,201],"both":[22],"regulatory":[23],"pressure":[24],"to":[25,35,84],"act":[26],"limited":[28],"resources":[29],"cybersecurity,":[31],"hospitals":[32],"may":[33],"resort":[34],"minimal-effort,":[36],"off-the-shelf":[37],"anti-phishing":[38,109],"interventions":[39,110,148],"such":[40,162,212],"as":[41,96,163],"warning":[42,168],"banners":[43],"enterprise":[45],"systems.":[47],"However,":[48],"their":[49],"effectiveness":[50,122],"remains":[51],"uncertain,":[52],"particularly":[53],"given":[54],"highly":[56],"diverse":[57],"workforce":[58],"comprising":[59],"medical,":[60],"nursing,":[61],"functional,":[62],"administrative,":[63],"IT,":[64],"other":[66],"staff":[67,91,113,126,199],"groups.":[68,127],"We":[69,115],"conducted":[70],"large-scale":[72],"phishing":[73,87,133,158,220],"simulation":[74],"at":[75],"German":[77],"university":[78],"hospital,":[79],"targeting":[80],"7,044":[81],"accounts,":[83],"analyze":[85],"how":[86,93,105],"susceptibility":[88,118],"varies":[89],"across":[90,125],"groups,":[92],"characteristics---such":[95],"timing,":[97],"tone,":[98],"context,":[99],"persuasive":[101],"framing---influence":[102],"susceptibility,":[103],"11":[106],"common":[107],"in-situ":[108],"affect":[111],"risky":[112],"behavior.":[114],"found":[116],"that":[117,139,197],"but":[119,172],"also":[120],"intervention":[121],"differed":[123],"markedly":[124],"Even":[128],"small":[130],"number":[131],"of":[132,185,211],"emails":[134],"posed":[135],"substantial":[137],"risk":[138],"persisted":[140],"about":[142],"three":[143],"days.":[144],"The":[145],"most":[146],"effective":[147],"involved":[149],"robust":[150],"technical":[151],"detection,":[152],"including":[153],"spam":[154],"filtering":[155],"in-email":[157],"warnings.":[159],"Friction-based":[160],"measures,":[161],"disabling":[164],"links":[165],"active":[167],"pages,":[169],"showed":[170],"mixed":[171],"promising":[173],"effects.":[174,194],"contrast,":[176],"display":[177],"name":[178],"suppression":[179],"widely":[182],"used":[183],"method":[184],"generic":[186],"[EXTERNAL]":[187],"tagging":[189],"had":[190],"no":[191],"or":[192],"inconsistent":[193],"Surveys":[195],"revealed":[196],"some":[198],"reacted":[200],"fear,":[202],"shame,":[203],"guilt,":[204],"hostility,":[206],"highlighting":[207],"ethical":[209],"challenges":[210],"simulations.":[213],"Our":[214],"findings":[215],"provide":[216],"actionable":[217],"guidance":[218],"resilience":[221],"healthcare":[223],"similarly":[225],"complex":[226],"organizations.":[227]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-11-23T00:00:00"}