Phishing is the use of electronic media, like emails and SMS messages, to fraudulently elicit private information or obtain money under false pretence. Though there is considerable interest in phishing as a security problem, there is little previous research from the human factors perspective and, in particular, very little empirical support for what makes phishing effective or successful and therefore how best to defend people from it. In this paper, we report findings of an experimental lab study to investigate individuals' strategies for dealing with mobile phishing attacks.
Phishing is the use of electronic media, like emails and mobile text messages, to fraudulently elicit private information or obtain money under false pretence. Though there is considerable interest in phishing as a security problem, there is little previous research from the human factors perspective and, in particular, very little empirical support for what makes mobile phishing effective or successful and therefore how best to defend people from it. This chapter describes some of the research conducted from the field of traditional phishing that already embraces the effect of human factors on phishing vulnerability. The limited amount of research exploiting mobile phishing is discussed, including a review of our previous work involving evaluating mobile users' strategies for managing mobile phishing attacks. By reflecting on how these subjects investigate the threat of phishing, this chapter aims to show that empirical research on mobile phishing is scarce and falling behind in terms of identifying underlying psychological processes, and to inspire future research in this area.
Interest in human factors in phishing has been growing in both the HCI and security communities in the past few years. Despite this interest, conducting covert user studies is associated with a number of ethical and legal challenges for phishing researchers. This paper discusses the need for deception, the implications of deceiving and the legal restrictions in terms of phishing study in the UK. We thematically analyzed these implications from the viewpoints of three stakeholders: ethics committees, researchers and professional bodies. Then we provide a roadmap for researchers to get balanced and timely ethical assessment of their proposed research.
Whilst studying mobile users' susceptibility to phishing attacks, we found ourselves subject to regulations concerning the use of deception in research. We argue that such regulations are misapplied in a way that hinders the progress of security research. Our argument analyses the existing framework and the ethical principles of conducting phishing research in light of these regulations. Building on this analysis and reflecting on real-world experience, we present our view of good practice and suggest guidance on how to prepare legally compliant proposals to concerned ethics committees.