EyeBit: Eye-Tracking Approach for Enforcing Phishing Prevention Habits

Miyamoto, Daisuke; Iimura, Takuji; Blanc, Grégory; Tazaki, Hajime; Kadobayashi, Youki

doi:10.1109/badgers.2014.14

Cited by 15 publications

(15 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mobile users are even more oblivious of their presence when dealing with the reduced screens of their smartphones [25]. Indeed, there is no objection to the increased security brought by using SSL/TLS in HTTP communications, and research works specifically aiming to educate users into recognizing security icons [26] should be encouraged. But even security-savvy users may fall victims to phishing traps if they do not use their discernment when dealing with seemingly secure websites.…”

Section: Discussionmentioning

confidence: 99%

AJNA: Anti-phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS

Mensah¹,

Blanc²,

Okada³

et al. 2015

2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)

Self Cite

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

AJNA: Anti-phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS

Mensah¹,

Blanc²,

Okada³

et al. 2015

2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS)

Self Cite

View full text Add to dashboard Cite

“…This highlights the need to better understand the mechanisms behind a successful phishing attack. By using eye tracking it is possible to explore what factors predict whether someone will be tricked by a phishing website, by considering the interaction between the structure of the website and what the person looks at, or indeed fails to look at (Miyamoto et al, 2014). This has been used for example to understand how and if users pay attention to web browser security indicators, such as the Firefox Mozilla SSL certificate (Sobey et al, 2008).…”

Section: Introductionmentioning

confidence: 99%

“…Further uses of eye tracking in cybersecurity have become evident as the research field and technology have continued to develop. For instance it has been demonstrated that the technology can be used to change risky behaviors, such as for example by preventing a user from continuing with use of input forms in a website unless an eye tracker has determined that the individual has looked at the address bar (Miyamoto et al, 2014). Similarly, eye trackers can be used to detect anomalous user behavior.…”

Section: Introductionmentioning

confidence: 99%

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

McAlaney

Hills

2020

Front. Psychol.

View full text Add to dashboard Cite

Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eyetracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.

show abstract

“…Therefore, researchers are now experimenting with active applications of eye-tracking. Miyamoto et al [17] have developed EyeBit-an eyetracking based system to inculcate the habit of looking at the URL address bar before entering sensitive information in the website's input fields, in order to prevent phishing. The system first deactivates the input fields in a website, and using the eye-tracking data determines if the user has looked at the website's URL.…”

Section: Eye-tracking For User Attention and Comprehensionmentioning

confidence: 99%

“…The decision buttons are initially deactivated, and once the user reads and scrolls down on the policy, they are activated. Second is an eye-tracking based mechanism to put the user into the habit of looking at the URL address bar to determine the website's legitimacy before entering sensitive information [17]. The input fields are initially deactivated, and once the user looks at the URL address (determined using the eyegaze fixations on the URL address bar screen coordinates), they are activated.…”

Section: Introductionmentioning

confidence: 99%

Look before you Authorize: Using Eye-Tracking to Enforce User Attention towards Application Permissions

Javed

Shehab

2017

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Abstract:Habituation is a key factor behind the lack of attention towards permission authorization dialogs during third party application installation. Various solutions have been proposed to combat the problem of achieving attention switch towards permissions. However, users continue to ignore these dialogs, and authorize dangerous permissions, which leads to security and privacy breaches. We leverage eye-tracking to approach this problem, and propose a mechanism for enforcing user attention towards application permissions before users are able to authorize them. We deactivate the dialog's decision buttons initially, and use feedback from the eye-tracker to ensure that the user has looked at the permissions. After determining user attention, the buttons are activated. We implemented a prototype of our approach as a Chrome browser extension, and conducted a user study on Facebook's application authorization dialogs. Using participants' permission identification, eye-gaze fixations, and authorization decisions, we evaluate participants' attention towards permissions. The participants who used our approach on authorization dialogs were able to identify the permissions better, compared to the rest of the participants, even after the habituation period. Their average number of eye-gaze fixations on the permission text was significantly higher than the other group participants. However, examining the rate in which participants denied a dangerous and unnecessary permission, the hypothesized increase from the control group to the treatment group was not statistically significant.

show abstract

EyeBit: Eye-Tracking Approach for Enforcing Phishing Prevention Habits

Cited by 15 publications

References 30 publications

AJNA: Anti-phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS

AJNA: Anti-phishing JS-based Visual Analysis, to Mitigate Users' Excessive Trust in SSL/TLS

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

Look before you Authorize: Using Eye-Tracking to Enforce User Attention towards Application Permissions

Contact Info

Product

Resources

About