本研究旨在探討中原大學師生對陌生隨身碟的使用行為及其風險認知，透過社會實驗與問卷調查，分析資訊安全意識在實際情境中的表現。研究設計分為兩階段：首先於校園不同地點投放共62個隨身碟，觀察其是否被撿拾及開啟；其次在隨身碟中嵌入HTML檔案連結至問卷平台，蒐集開啟者的相關資料。

結果顯示，有75.81 %的隨身碟被撿拾，12.90 %被開啟，與過往研究中的開啟率（約45%）相比大幅下降，顯示校園師生已有初步的資安風險認知。室外地點的開啟率（22.22 %）高於室內（9.09 %），可能因環境影響使用者的好奇與行為動機。開啟行為多發生於校內網域，以Windows系統及Chrome系列瀏覽器為主。問卷結果顯示，大多數開啟者出於好奇動機，但僅少數在讀取前採取掃毒等防範措施，顯示認知與實際行動間仍存在落差。

研究亦指出，即使是學校職員也會有開啟不明隨身碟的行為，這可能對校內資訊系統造成潛在風險。未來應加強資訊素養與社交工程防範教育，並透過多樣化實驗設計與更完善的系統架構，提升研究的準確性與應用價值。本研究提供具體實證資料，可作為校園資訊安全教育及政策制定之重要參考。

This study aims to explore the behavior and risk perception of Chung Yuan Christian University faculty and students regarding the use of unknown USB flash drives. Through a combination of field experiments and questionnaire surveys, the study analyzes how information security awareness manifests in real-life situations. The research was conducted in two stages: first, 62 USB drives were strategically placed in various campus locations to observe whether they would be picked up and opened; second, an HTML file embedded in the USB drives linked to a questionnaire platform to collect data from users who opened the drives.

The results show that 75.81 % of the USB drives were picked up and 12.90% were opened. This opening rate is significantly lower than that reported in previous studies (around 45 %), indicating that campus faculty and students have developed an initial awareness of cybersecurity risks. The opening rate was higher in outdoor locations (22.22 %) compared to indoor locations (9.09 %), suggesting that environmental factors may influence curiosity and behavioral motivation. Most opening incidents occurred within the campus network, predominantly using Windows systems and Chrome-based browsers. Questionnaire responses indicated that most users opened the drives out of curiosity, but only a few took preventive measures, such as scanning for malware, before accessing the files—revealing a gap between risk awareness and actual behavior.

The study also found that even university staff engaged in opening unknown USB drives, posing potential risks to the campus information systems. The findings suggest the need for enhanced information literacy and education on preventing social engineering attacks. Future research should employ more diverse experimental designs and improved system architectures to increase both the accuracy and practical value of the results. This study provides concrete empirical data that can serve as a valuable reference for campus cybersecurity education and policy development.