Personalized Guidelines for Design, Implementation and Evaluation of Anti-Phishing Interventions

Background: Current anti-phishing interventions, which typically involve one-size-fits-all solutions, suffer from limitations such as inadequate usability and poor implementation. Human-centric challenges in anti-phishing technologies remain little understood. Research shows a deficiency in the comprehension of end-user preferences, mental states, and cognitive requirements by developers and practitioners involved in the design, implementation, and evaluation of anti-phishing interventions. Aims: This study addresses the current lack of resources and guidelines for the design, implementation and evaluation of anti-phishing interventions, by presenting personalized guidelines to the developers and practitioners. Method: Through an analysis of 53 academic studies and 16 items of grey literature studies, we systematically identified the challenges and recommendations within the anti-phishing interventions, across different practitioner groups and intervention types. Results: We identified 22 dominant factors at the individual, technical, and organizational levels, that affected the effectiveness of anti-phishing interventions and, accordingly, reported 41 guidelines based on the suggestions and recommendations provided in the studies to improve the outcome of anti-phishing interventions. Conclusions: Our dominant factors can help developers and practitioners enhance their understanding of human-centric, technical and organizational issues in anti-phishing interventions. Our customized guidelines can empower developers and practitioners to counteract phishing attacks.