Children can learn how to spot scam emails or unreliable websites. However, it’s important to continue pointing them to these online threats, because they lose their recognition skills over time, according to research conducted by the University of Twente.
Children acquire internet skills at a very young age. They learn how to use computers, smartphones and tablets simply by doing. They are mostly self-taught. But do they also learn how to recognize the negative sides of the internet? And if the answer is no, how effective is anti-phishing training for children?
To find out, researchers at the University of Twente have created an anti-phishing test and training programme for children aged between 8 and 13. It includes examples of emails and websites that look authentic, but also ask for confidential information.
The research was conducted among a total of 353 children at six schools. In each class, there was at least one child who knew someone who had fallen victim to phishing and had lost money because of it. Other children said they knew TV ads warning about phishing.
The test shows that children have an average ability to distinguish phishing from non-phishing. They get it right about six out of ten times. After training, the score goes up by 14 percent. There is no difference between boys and girls.
The children were told to take a close look at email address and URLs, and to the way the message is written: does it include threats or a sense of urgency (“if you do not respond immediately, then …”), or does it contain poor language or spelling mistakes?
Although anti-phishing training improved the children’s overall score, a re-test after four weeks showed that their ability to recognize phishing had dropped to pre-training levels. Their skills hadn’t completely gone, because the children still recognized authentic messages.
This led the researchers to conclude that anti-phishing training raises children’s awareness, but this needs to be constantly nurtured, particularly because phishing techniques are getting more and more sophisticated. For example, phishing may pop up in the games that children play online.
The first step, according to the researchers, is training the teachers. “But children learn best if it really becomes an issue for them, also at home,” they write.