The transfer of cognitive skill
The transfer of cognitive skill
Communications of the ACM
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Multimedia Learning
Proceedings of the 11th USENIX Security Symposium
Phishing: Cutting the Identity Theft Line
Phishing: Cutting the Identity Theft Line
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Security and Usability
Phishing Exposed
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Don't be a phish: steps in user education
Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education
Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft
Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft
Protecting people from phishing: the design and evaluation of an embedded training email system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Learning to detect phishing emails
Proceedings of the 16th international conference on World Wide Web
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish
Proceedings of the 3rd symposium on Usable privacy and security
Communications of the ACM
A comparison of machine learning techniques for phishing detection
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Getting users to pay attention to anti-phishing education: evaluation of retention and transfer
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A framework for reasoning about the human in the loop
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
e-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Phishing IQ tests measure fear, not ability
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Does MoodyBoard make internet use more secure?: evaluating an ambient security visualization tool
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Does domain highlighting help people identify phishing sites?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Phi.sh/$oCiaL: the phishing landscape through short URLs
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Communications of the ACM
SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Learning from early attempts to measure information security performance
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
A pilot study of cyber security and privacy related behavior and personality traits
Proceedings of the 22nd international conference on World Wide Web companion
Hi-index | 0.02 |
Phishing attacks, in which criminals lure Internet users to Web sites that spoof legitimate Web sites, are occurring with increasing frequency and are causing considerable harm to victims. While a great deal of effort has been devoted to solving the phishing problem by prevention and detection of phishing emails and phishing Web sites, little research has been done in the area of training users to recognize those attacks. Our research focuses on educating users about phishing and helping them make better trust decisions. We identified a number of challenges for end-user security education in general and anti-phishing education in particular: users are not motivated to learn about security; for most users, security is a secondary task; it is difficult to teach people to identify security threats without also increasing their tendency to misjudge nonthreats as threats. Keeping these challenges in mind, we developed an email-based anti-phishing education system called “PhishGuru” and an online game called “Anti-Phishing Phil” that teaches users how to use cues in URLs to avoid falling for phishing attacks. We applied learning science instructional principles in the design of PhishGuru and Anti-Phishing Phil. In this article we present the results of PhishGuru and Anti-Phishing Phil user studies that demonstrate the effectiveness of these tools. Our results suggest that, while automated detection systems should be used as the first line of defense against phishing attacks, user education offers a complementary approach to help people better recognize fraudulent emails and websites.