Getting users to pay attention to anti-phishing education

Kumaraguru, Ponnurangam; Rhee, Yong; Sheng, Steve; Hasan, Sharique; Acquisti, Alessandro; Cranor, Lorrie Faith; Hong, Jason I.

doi:10.1145/1299015.1299022

Cited by 105 publications

(104 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A number of researchers have focused on training users to spot phish [1,7,8,19,21,22,23,34] but most of them address phish detection in a web browser context. Researchers have shown that training improves phish detection rates.…”

Section: Related Workmentioning

confidence: 99%

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Volkamer

Renaud

Reinheimer

et al. 2017

Computers & Security

View full text Add to dashboard Cite

We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection.We evaluated TORPEDO's effectiveness, as compared to the worst case 'status bar' as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

show abstract

Section: Related Workmentioning

confidence: 99%

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Volkamer

Renaud

Reinheimer

et al. 2017

Computers & Security

View full text Add to dashboard Cite

show abstract

“…For example, comics that present stories about interrelated privacy consequences were proposed to simplify complex privacy notices (Knijnenburg and Cherry 2016). In one study, adults who received comic strip interventions performed better than text/graphic interventions (Kumaraguru et al 2007). Other studies with adults found that comics improved security understanding and motivated positive changes in security management behaviour (ZhangKennedy et al 2014(ZhangKennedy et al , 2016.…”

Section: Figure 1 Sample Screens From Secure Comics' Privacy Chaptermentioning

confidence: 99%

Engaging Children About Online Privacy Through Storytelling in an Interactive Comic

Zhang-Kennedy

Baig

Chiasson

2017

Electronic Workshops in Computing

View full text Add to dashboard Cite

Children's privacy is put at risk through online sharing of location-based information. We study the effectiveness of an educational interactive comic on improving 11-to 13-year-old children's privacy knowledge and behaviour immediately and one week after reading. Children's privacy knowledge increased after reading either the comic or the text-only control, but the comic promoted superior knowledge retention a week later and was more successful at influencing children's reported privacy behaviour than the control. Our 22 child-parent pairs found the comic facilitated learning for children, engaging, and easy to use. We discuss the implication on children's short and long-term knowledge retention and behaviour, and the educational potential of comics at addressing the challenges of privacy and security education for children.

show abstract

“…Several researches (Dhamija, Tygar and Hearst 2006) (Wu, Miller and Gar 2006) (Jakobsson 2007) (Julie S., Mandy and Cranor 2007) (Jagatic, et al 2007) (Kumaraguru, et al 2007) (Huang , et al 2009) (Sheng, Holbrook, et al 2010) Have revealed that users are susceptible to phishing for quite a lot of reasons among them:…”

Section: Why Fall Prey To Phishing?mentioning

confidence: 99%

Tutorial and critical analysis of phishing websites methods

Mohammad

Thabtah

McCluskey

2015

Computer Science Review

132

View full text Add to dashboard Cite

The Internet has become an essential component of our everyday social and financial activities.Internet is not important for individual users only but also for organizations, because organizations that offer online trading can achieve a competitive edge by serving worldwide clients. Internet facilitates reaching customers all over the globe without any market place restrictions and with effective use of e-commerce. As a result, the number of customers who rely on the Internet to perform procurements is increasing dramatically. Hundreds of millions of dollars are transferred through the Internet every day. This amount of money was tempting the fraudsters to carry out their fraudulent operations. Hence, Internet users may be vulnerable to different types of web threats, which may cause financial damages, identity theft, loss of private information, brand reputation damage and loss of customers' confidence in e-commerce and online banking. Therefore, suitability of the Internet for commercial transactions becomes doubtful. Phishing is considered a form of web threats that is defined as the art of impersonating a website of an honest enterprise aiming to obtain user's confidential credentials such as usernames, passwords and social security numbers. In this article, the phishing phenomena will be discussed in detail. In addition, we present a survey of the state of the art research on such attack. Moreover, we aim to recognize the up-to-date developments in phishing and its precautionary measures and provide a comprehensive study and evaluation of these researches to realize the gap that is still predominating in this area. This research will mostly focus on the web based phishing detection methods rather than email based detection methods. INTRODUCTIONAlthough phishing is a relatively new web-threat, it has a massive impact on the commercial and online transaction sectors. Presumably, phishing websites have high visual similarities to the legitimate ones in an attempt to defraud the honest people. Social engineering and technical tricks are commonly combined together in order to start a phishing attack. Typically, a phishing attack starts by sending an e-mail that seems authentic to potential victims urging them to update or validate their information by following a URL link within the e-mail. Predicting and stopping phishing attack is a critical step toward protecting online transactions. Several approaches were proposed to mitigate these attacks. Nonetheless, phishing websites are expected to be more sophisticated in the future. Therefore, a promising solution that must be improved constantly is needed to keep pace with this continuous evolution. Anti-phishing measures may take several forms including: legal, education and technical solutions. To date, there is no complete solution able to capture every phishing attack. The Internet community has put in a considerable amount of effort into defensive techniques against phishing. However, the problem is continuously evolving and ever more complicated decept...

show abstract

Getting users to pay attention to anti-phishing education

Cited by 105 publications

References 16 publications

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Engaging Children About Online Privacy Through Storytelling in an Interactive Comic

Tutorial and critical analysis of phishing websites methods

Contact Info

Product

Resources

About