Assessing end-user awareness of social engineering and phishing

This experiment used a web-based survey that presented participants with a mix of 20 legitimate and illegitimate emails. Researchers asked participants to classify emails as either legitimate or illegitimate and to explain their rationale. The 179 participants had a 36% success rate in identifying legitimate emails, versus a 45% success rate in spotting illegitimate ones. In many cases, the participants who correctly identified illegitimate emails could not provide convincing reasons for their selections.