Dissecting Spear Phishing Emails for Older vs Young Adults

Oliveira, Daniela; Rocha, Harold A.; Yang, Huizi; Ellis, Donovan M.; Dommaraju, Sandeep; Muradoglu, Melis; Weir, Devon; Soliman, Adam; Lin, Tian; Ebner, Natalie C.

doi:10.1145/3025453.3025831

Cited by 101 publications

(52 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The real phishing emails were selected such that they spanned a range of effectiveness, from obvious phishing to more convincing attacks (based on subjective judgments of two of the authors, ZMH and KL). Simulated phishing emails were taken from the eighty four emails used in the PHishing Internet Task (PHIT) (Lin et al, 2019;Oliveira et al, 2017), see below for details.…”

Section: The Phishing Email Suspicion Test (Pest)mentioning

confidence: 99%

“…Phishing efficacy of the 84 simulated phishing emails had previously been assessed in a field experiment by our group (Lin et al, 2019;Oliveira et al, 2017). In this Phishing Internet Task (PHIT), 158 participants were sent emails to the email address they had registered with the study, and a browser plug in recorded whether participants clicked on the link embedded in each email.…”

Section: Real-world Phishing Efficacy For a Subset Of Emailsmentioning

confidence: 99%

“…Indeed there are even websites (such as ("Test and Optimize your Emails for the Inbox," n.d.)) where attackers can test whether a particular email will be flagged or not by several leading email providers. Thus, human decision-making is the last line of defense against phishing and there is much interest in understanding the cognitive and neural processes underlying phishing detection in order to identify those individuals who are most susceptible (Ebner et al, 2018;Lin et al, 2019;Oliveira et al, 2017) as well as to evaluate the outcome of training programs designed to reduce phishing victimization (Norris, Brookes, & Dowell, 2019).…”

Section: Introductionmentioning

confidence: 99%

“…Perhaps the Gold Standard for measuring an individual's susceptibility to phishing deception is to actually try to phish them in the home or office setting -that is, to send them a phishing email and measure whether they engage with it or not (Caputo, Pfleeger, Freeman, & Eric Johnson, 2014;Kumaraguru et al, 2009;Luo, Zhang, Burd, & Seazzu, 2013;Oliveira et al, 2017;Vishwanath, 2015;Williams et al, 2018). This direct approach has high ecological validity because the only difference from a real phishing attack is that the participants are not harmed.…”

Section: Introductionmentioning

confidence: 99%

“…Using a new task, the Phishing Email Suspicion Test (PEST), we asked participants to rate the degree to which a series of 160 emails appeared suspicious. By design, 84 of these emails had been previously used in a field-experimental phishing study using an independent sample of participants (Oliveira et al, 2017). This allowed us to determine whether emails that were effective in real life (i.e., people had fallen for them in the field experiment), were also effective in the lab (i.e., were rated as less suspicious in PEST).…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Evaluating the cognitive mechanisms of phishing detection with PEST, an ecologically valid lab-based measure of phishing susceptibility

Zm¹,

Ebner²,

Oliveira³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

Phishing emails constitute a major public health problem, linked to negative health outcomes due to fraud and exploitation. Because of their sheer volume and because phishing emails are designed to deceive, purely technological solutions such as filters only go so far, leaving human judgment as the last line of defense against phishing. However, in part because it is difficult to phish people under controlled laboratory conditions, little is known about the cognitive and neural mechanisms underlying phishing susceptibility. There is therefore a critical need to develop an ecologically valid measure of phishing susceptibility that can be used in the lab to test cognitive models of phishing detection. In this work, we present such a task: PEST, the Phishing Email Suspicion Test, in which participants rate a series of phishing and non-phishing emails according to their level of suspicion. By comparing suspicion scores for each email to its real-world efficacy (assessed in a field experiment in an independent group of participants), we find support for the ecological validity of PEST in that phishing emails that were more effective in the real world were more effective at deceiving people in the lab. By modeling behavior in PEST, we find evidence that the suspicion level of emails is assessed using a comparison process in which the current email is compared with previously encountered emails to determine its suspicion level. Together our task and model provide a framework for studying the cognitive neuroscience of email phishing detection in the lab.

show abstract

Section: The Phishing Email Suspicion Test (Pest)mentioning

confidence: 99%

Section: Real-world Phishing Efficacy For a Subset Of Emailsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Evaluating the cognitive mechanisms of phishing detection with PEST, an ecologically valid lab-based measure of phishing susceptibility

Zm¹,

Ebner²,

Oliveira³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

CISDA: Changes in Integration for Social Decisions in Aging

Frazier

Lighthall

Horta

et al. 2019

WIRES Cognitive Science

View full text Add to dashboard Cite

The aging of our population has been accompanied by increasing concerns about older adults' vulnerability to violations of trust and a growing interest in normative age-related changes to decision making involving social partners. This intersection has spurred research on age-related neurocognitive and affective changes underlying social decision making. Based on our review and synthesis of this literature, we propose a specification that targets social decision making in aging to the recently proposed Affect-Integration-Motivation (AIM) framework. Our framework specification, Changes in Integration for Social Decisions in Aging (CISDA), emphasizes three key components of value integration with particular relevance for social decisions in aging: theory of mind, emotion regulation, and memory for past experience. CISDA builds on converging research from economic decision making, cognitive neuroscience, and lifespan development to outline how age-related changes to neurocognition and behavior impact social decision making. We conclude with recommendations for future research based on CISDA's predictions, including implications for the development of interventions to enhance social decision outcomes in older adults.

show abstract