A CASE STUDY ON STEM PROBLEM-BASED LEARNING APPROACH IN DEVELOPING COMPETENCIES FOR RECOGNIZING PHISHING EMAILS

STEM/ STEAM/ STREAM APPROACH IN THEORY AND PRACTICE OF CONTEMPORARY EDUCATION, 2025 (pp. 259-267)

AUTHOR(S) / АУТОР(И): Andrej Ignjatić, Diana Božić

DOI: 10.46793/STREAM25.259I

ABSTRACT / САЖЕТАК:

This research explores whether problem-based learning affects the ability of an organization's employees to detect phishing emails. Specifically, the paper addresses the following research question: Does the problem-based learning method in STEM affect the ability of an organization's employees to recognize potential phishing emails? The research was carried out as a case study involving a phishing simulation conducted within a Central European company. A total of 221 employees were targeted with phishing emails over two separate rounds, which lasted for four weeks. Between the rounds of the phishing campaign, problem-based learning education about phishing was provided to all employees. The research findings highlight several key points. First, the number of employees who clicked on links in phishing emails decreased. Second, fewer employees provided their user credentials to phishing websites. Lastly, the number of employees reporting suspected phishing emails to the IT department has also decreased. To our knowledge, this is the first paper that links STEM through problem-based learning with phishing.

KEYWORDS / КЉУЧНЕ РЕЧИ:

problem-based learning, PBL, phishing, STEM
