Report: Effectiveness of Public Awareness & Education in Fraud Mitigation

To: Cybersecurity Policymakers & Strategy Units Date: January 31, 2026 Subject: Strategic Evaluation of Anti-Fraud Awareness Campaigns (2014–2025)

Summary

Cybersecurity awareness campaigns have evolved from nice-to-have compliance exercises into a critical layer of national defense. Research from the last decade shows that passive mass-market awareness (billboards, generic TV spots) has limited impact on fraud reduction. But targeted, interactive, and "just-in-time" interventions do yield measurable results.

Here's what the data shows:

• Organizations using sustained, interactive phishing simulations see susceptibility rates drop from around 34% to around 5% over 12 months.
• "Active" browser and banking warnings achieve 79% adherence, compared to just 13% for passive alerts.
• Singapore's integration of public education with technical blocking (ScamShield, SMS Registry) correlated with a 64% reduction in SMS-based scam reports in 2022.
• Targeted postal interventions for known older victims reduced repeat fraud rates by up to 22.4%.

Policymakers should shift focus from general "awareness" to behavioral modification frameworks (like COM-B) and mandate technical "guardrails" that deliver education at the moment of risk.

---

Quantitative Impact

The statistics are clear: education works when it's continuous and measurable, but falls flat when sporadic or generic.

• Reduction in Phishing Susceptibility: KnowBe4's 2024 Phishing by Industry Benchmarking Report shows the "Phish-prone Percentage" across industries averages 34.3% for untrained users. After 90 days of training, this drops to 18.9%, and after 12 months of continuous reinforcement, it falls to 4.6%. One-off training doesn't work—retention requires repetition.
• National-Level Fraud Reduction:
  • Australia: The ACCC's National Anti-Scam Centre reported a 17.8% decrease in scam reports and a 25.9% decrease in financial losses (to $2.03 billion) in 2024. Success came from a "fusion cell" model combining public awareness with rapid intelligence sharing between banks and telcos.
  • Singapore: After the mandatory registration of alphanumeric SMS sender IDs and public education on the ScamShield app, IMDA reported a 64% reduction in SMS scam cases between Q4 2021 and Q2 2022.
• Prevented Losses: UK Finance reported that in the first half of 2025, the banking industry prevented £870 million in unauthorized fraud, partly due to the "Take Five to Stop Fraud" campaign's emphasis on empowering customers to challenge suspicious requests.

---

Behavioral Change

Education influences behavior most effectively when it moves beyond "knowledge transfer" to "habit formation."

• The COM-B Model: Behavioral science frameworks like COM-B (Capability, Opportunity, Motivation) show that knowledge alone isn't enough—you also need Opportunity (easy reporting tools) and Motivation. Research shows successful campaigns must address "Optimism Bias," where people believe they're too smart to be scammed.
• Reporting vs. Susceptibility: A key behavioral metric is the Reporting Rate. Organizations with mature security cultures see users report suspicious emails even if they don't click them. High reporting rates are a leading indicator of resilience—users become "human sensors" for the security team.
• Targeted Interventions for Vulnerable Groups: A randomized control trial by the US Postal Inspection Service found that sending warning letters to older adults who had previously been scammed reduced revictimization rates by 8.6% (single letter) to 22.4% (multiple "Fraud Fighter" mailings). This shows targeted, non-digital education works for specific demographics.

---

Comparing Outreach Methods

Not all educational interventions work equally well.

Method	Efficacy	Key Findings
Passive Mass Media	Low	A 2024 study on a Danish bank's mass-messaging campaign found no significant effect on fraud reduction—broad warnings get tuned out.
Interactive / Gamification	High	Academic research shows gamified training can improve knowledge retention by around 51% compared to traditional slide-based lectures.
"Just-in-Time" Alerts	Very High	Research shows "active" blocking warnings (requiring users to click through a barrier) have a 79% adherence rate, while "passive" toolbar icons are ignored by 87% of users.
Social Media Campaigns	Mixed	Effective for reach (Europol's #ThinkB4UClick), but social media channels themselves suffer from high rates of impersonation—fraudsters mimic the very agencies issuing warnings.

---

Limitations and Challenges

Policymakers need to account for structural and psychological barriers that limit campaign success.

• Security Fatigue: When users get bombarded with too many warnings, they experience cognitive exhaustion and start clicking through to get their task done.
• The "Forgetting Curve": Without reinforcement, security knowledge decays rapidly. Training effects wear off significantly after 4–6 months—continuous micro-learning beats annual seminars.
• Adaptive Adversaries: As awareness of "typos and bad grammar" improves, criminals have shifted to "Pig Butchering" (long-con investment fraud) and AI-driven social engineering (deepfake voice clones). ENISA warned in late 2025 that 80% of social engineering attacks now involve AI elements.

---

Global Best Practices

• Singapore: The "Swiss Cheese" Defense doesn't rely on education alone. It layers public education (ScamShield) with infrastructure changes (SMS Sender ID Registry, limiting banking transaction amounts for vulnerable users). The "Add, Check, Tell" campaign is reinforced by the tangible ability to "Check" using the official app.
• UK: "Take Five to Stop Fraud" simplified the call to action: "Stop, Challenge, Protect." Its success comes from unified messaging across all major banks, creating a consistent "brand" of security that reduces consumer confusion.
• Australia: Fusion Cell Collaboration prioritizes real-time data sharing. When a new scam narrative emerges, awareness messaging adjusts rapidly—moving from general advice to specific warnings about current threats (like "Hi Mum" family impersonation scams).

---

Recommendations

1. Mandate "Active" Interventions: Go beyond passive advice. Mandate that financial institutions and telcos implement "friction" (cooling-off periods, active confirmation screens) for high-risk transactions. Education should happen on these screens—Just-in-Time.
2. Standardize the "Verify" Step: Create a verified national channel (like Singapore's SMS Registry or a "111" government trust number) where citizens can instantly verify communication authenticity. Education is useless if users have no reliable way to verify claims.
3. Target "Repeat Victims": Allocate resources to identify and support chronic victims (especially the elderly), who are disproportionately targeted. Postal and community-based interventions work better than digital ads here.
4. Measure Behavior, Not Clicks: Shift KPIs from "number of people reached" to behavioral metrics: Reporting Rates (of suspicious texts/emails) and Adherence Rates (to security warnings).
5. Regulate Social Media Advertising: Since social media is a primary vector for investment fraud, place the burden of "Know Your Business Customer" on platforms to prevent fraudsters from buying ads that mimic legitimate awareness campaigns.

---

References

1. KnowBe4. (2024). 2024 Phishing by Industry Benchmarking Report.
2. ACCC. (2025). Targeting Scams: Report of the National Anti-Scam Centre on scams activity 2024. Scamwatch.
3. IMDA. (2022). Public Consultation on Mandatory SMS Sender ID Registration. Singapore Government.
4. UK Finance. (2025). 2025 Half Year Fraud Update. Take Five to Stop Fraud.
5. CybSafe. (2024). An empirical study of the effectiveness of web browser phishing warnings.
6. USPIS. (2024). A Fraud Awareness Mail Campaign Significantly Reduces Rates of Revictimization Among Older Victims.
7. Copenhagen Business School. (2024). Do Awareness Campaigns Reduce Financial Fraud?
8. ENISA. (2025). European Cybersecurity Month 2025: Phishing and AI Social Engineering Trends.
9. ScamShield. (2025). Annual Scams and Cybercrime Brief 2024. Singapore Police Force.