Research focusing on educating users about phishing and identifying phishing emails, as opposed to using technology for prevention and detection. The research identified multiple problems, namely: that people were not motivated to learn about security; that security is seen as a secondary task; and that it’s difficult to teach people to identify threats without them also misidentifying non-threats. The authors conclude that education should be used in conjunction with automated detection systems to best stop losses.