Abstract

One of the most frequent attacks on the Internet is phishing, in which an attacker impersonates the identity of a trusted person or institution. Because students spend a large part of their university life connected and interacting on the Internet, for social, educational, or personal reasons, it is essential that students acquire the skills to detect these threats. In this article, we show the educational phishing experience at the Faculty of Engineering, Architecture, and Design of the Universidad San Sebastian, in which 1,970 students from three different regions of Chile were sent a communication impersonating the university and asked to update their personal information. The results showed that 18% of the students did not detect phishing. The idea was taken from companies where information security is critical. To our knowledge, this is the first experience applied in a Latin-American university and can be replicated at many levels of education.