In this study, we aim to evaluate a locally deployed phishing email detection tool in real-world use while strictly protecting participants’ privacy.  Volunteers who regularly use email for study or work will install an Outlook plug-in on their personal computers and continue using email as usual. The tool analyzes emails only on the local device and does not upload or store any message content or personal identifiers; instead, it reports aggregated anonymous statistics such as the number of detections, false positives and false negatives, and users’ optional confirmation clicks. 

Step 1: Volunteers agree to the informed consent

Step 2: Volunteers read the 5-min demo on how to spot phishing emails

Step 3: Volunteers judge the reported phishing emails from their own inboxes

Step 4: Volunteers get the statistics and report the numbers to the authors