@Article{schwab2024ssrn,
  author    = {Schwab, Jasmin and Nußbaum, Alexander and Sergeeva, Anastasia and Alt, Florian and Distler, Verena},
  journal   = {Available at SSRN},
  title     = {What Makes Phishing Simulation Campaigns (Un)Acceptable? A Vignette Experiment on the Acceptance and Manipulation Intention Related to Phishing Simulation Campaigns},
  year      = {2024},
  note      = {schwab2024ssrn},
  abstract  = {Organizations depend on their employees' long-term cooperation to protect themselves from threats. The acceptance of cybersecurity training measures is thus crucial. Phishing attacks are the point of entry for harmful follow-up attacks, and many organizations use simulated phishing campaigns to train employees to adopt secure behaviors. We conducted a pre-registered vignette experiment (N=793), investigating the factors that make a simulated phishing campaign seem (un)acceptable, and their influence on intention to manipulate the campaign. In an online experiment, we varied whether employees gave prior consent, whether the phishing email promised a financial incentive and the consequences for employees who clicked on the phishing link. We found that employees' prior consent had a positive effect on the acceptance of a simulated phishing campaign. The consequences ``employee interview'' and ``termination of the work contract'' had a negative effect on acceptance. We found no statistically significant effects of consent, monetary incentive, and consequences on manipulation probability. Few participants described reasons for ``manipulating'' the campaign, mainly mentioning curiosity. Our results shed light on the factors influencing acceptance of simulated phishing campaigns and provide take-aways for future work in this space.},
  doi       = {10.2139/ssrn.4737715},
  timestamp = {2024.03.25},
  url       = {http://www.florian-alt.org/unibw/wp-content/publications/schwab2024ssrn.pdf},
}