A User-Centered Approach to Phishing Susceptibility: The Role of a Suspicious Personality in Protecting Against Phishing

Harrison, Brynne; Vishwanath, Arun; Rao, Raghav

doi:10.1109/hicss.2016.696

Cited by 34 publications

(30 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We believe that current anti-phishing solutions are useful though insufficient, as phishers always use people's psychological weaknesses to design new types of phishing attacks. Several studies [3,4] have already identified some of the above-mentioned factors, but none of them have carried out a root cause analysis to list all the possible psychological factors at play and the tricks that scammers use to fool people.…”

Section: Introductionmentioning

confidence: 99%

Phishing Attacks Root Causes

Abroshan

Devos

Poels

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Nowadays, many people are losing considerable wealth due to online scams. Phishing is one of the means that a scammer can use to deceitfully obtain the victim's personal identification, bank account information, or any other sensitive data. There are a number of anti-phishing techniques and tools in place, but unfortunately phishing still works. One of the reasons is that phishers usually use human behaviour to design and then utilise a new phishing technique. Therefore, identifying the psychological and sociological factors used by scammers could help us to tackle the very root causes of fraudulent phishing attacks. This paper recognises some of those factors and creates a cause-andeffect diagram to clearly present the categories and factors which make up the root causes of phishing scams. The illustrated diagram is extendable with additional phishing causes.

show abstract

Section: Introductionmentioning

confidence: 99%

Phishing Attacks Root Causes

Abroshan

Devos

Poels

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, such methodologies are still limited by the explicit nature of the legitimacy judgments, which does not reflect the complexity of the decision-making process that likely occurs in real life. Instead, participants are encouraged to engage in certain behaviours, such as employing more rational decision-making strategies, which results in an artificially high accurate response rate to the email stimulus (Yan & Gozu, 2012;Harrison, Vishwanath, & Rao, 2016).…”

Section: Methodsmentioning

confidence: 99%

Examinations of Email Fraud Susceptibility

Jones

Towse

2018

Advances in Digital Crime, Forensics, and Cyber Terrorism

View full text Add to dashboard Cite

The internet provides an ever-expanding, valuable resource for entertainment, communication, and commerce. However, this comes with the simultaneous advancement and sophistication of cyber-attacks, which have serious implications on both a personal and commercial level, as well as within the criminal justice system. Psychologically, such attacks offer an intriguing, under-exploited arena for the understanding of the decision-making processes leading to online fraud victimisation. In this chapter, the authors focus on approaches taken to understand response behaviour surrounding phishing emails. The chapter outlines how approaches from industry and academic research might work together to more effectively understand and potentially tackle the persistent threat of email fraud. In doing this, the authors address alternative methodological approaches taken to understand susceptibility, key insights drawn from each, how useful these are in working towards preventative security measures, and the usability of each approach. It is hoped that these can contribute to collaborative solutions.

show abstract

“…[266] 4 [225], [229], [247], [265] 2 [233], [252] 1 [219] No 6 [10], [230], [238], [249], [250], [258] 3 [242], [260], [263] Webpage Yes 5 [204], [239], [245], [253], [261] No 4 [203], [212], [236], [264] 3 [211], [213], [216] 3 [61], [217], [ [232] in [211] and [214] used Functional Magnetic Resonance Imaging (fMRI) and Electroencephalogram (EEG) to measure brain's electrical activity and an eye-tracker to have a better understanding of users' decision-making process. They used both existing phishing websites (by downloading and hosting them on their own network) and manually created ones.…”

Section: Selected User Study Literaturementioning

confidence: 99%

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Das

Baki

Aassal

et al. 2020

IEEE Commun. Surv. Tutorials

108

View full text Add to dashboard Cite

Phishing and spear phishing are typical examples of masquerade attacks since trust is built up through impersonation for the attack to succeed. Given the prevalence of these attacks, considerable research has been conducted on these problems along multiple dimensions. We reexamine the existing research on phishing and spear phishing from the perspective of the unique needs of the security domain, which we call security challenges: real-time detection, active attacker, dataset quality and baserate fallacy. We explain these challenges and then survey the existing phishing/spear phishing solutions in their light. This viewpoint consolidates the literature and illuminates several opportunities for improving existing solutions. We organize the existing literature based on detection techniques for different attack vectors (e.g., URLs, websites, emails) along with studies on user awareness. For detection techniques we examine properties of the dataset, feature extraction, detection algorithms used, and performance evaluation metrics. This work can help guide the development of more effective defenses for phishing, spear phishing and email masquerade attacks of the future, as well as provide a framework for a thorough evaluation and comparison.

show abstract

A User-Centered Approach to Phishing Susceptibility: The Role of a Suspicious Personality in Protecting Against Phishing

Cited by 34 publications

References 13 publications

Phishing Attacks Root Causes

Phishing Attacks Root Causes

Examinations of Email Fraud Susceptibility

SoK: A Comprehensive Reexamination of Phishing Research From the Security Perspective

Contact Info

Product

Resources

About