Behavioral response to phishing risk

Authors:
Julie S. Downs;Mandy Holbrook;Lorrie Faith Cranor
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA
Venue:
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Year:
2007

Citing 7
Cited 7

Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Protecting people from phishing: the design and evaluation of an embedded training email system

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The Emperor's New Security Indicators

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish

Proceedings of the 3rd symposium on Usable privacy and security
Social phishing

Communications of the ACM

The psychology of security

Communications of the ACM - The psychology of security: why do good users make bad decisions?
Online phishing classification using adversarial data mining and signaling games

Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
It won't happen to me: Promoting secure behaviour among internet users

Computers in Human Behavior
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model

Decision Support Systems
Improving computer security dialogs

INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
A game design framework for avoiding phishing attacks

Computers in Human Behavior

Quantified Score

Hi-index	0.00

Visualization

Abstract

Tools that aim to combat phishing attacks must take into account how and why people fall for them in order to be effective. This study reports a pilot survey of 232 computer users to reveal predictors of falling for phishing emails, as well as trusting legitimate emails. Previous work suggests that people may be vulnerable to phishing schemes because their awareness of the risks is not linked to perceived vulnerability or to useful strategies in identifying phishing emails. In this survey, we explore what factors are associated with falling for phishing attacks in a role-play exercise. Our data suggest that deeper understanding of the web environment, such as being able to correctly interpret URLs and understanding what a lock signifies, is associated with less vulnerability to phishing attacks. Perceived severity of the consequences does not predict behavior. These results suggest that educational efforts should aim to increase users' intuitive understanding, rather than merely warning them about risks.