What instills trust? a qualitative study of phishing

Authors:
Markus Jakobsson;Alex Tsow;Ankur Shah;Eli Blevis;Youn-Kyung Lim
Affiliations:
Indiana University, Bloomington and RavenWhite Inc.;Indiana University, Bloomington;Indiana University, Bloomington;Indiana University, Bloomington;Indiana University, Bloomington
Venue:
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Year:
2007

Citing 6
Cited 7

Users' conceptions of web security: a comparative study

CHI '02 Extended Abstracts on Human Factors in Computing Systems
Gathering evidence: use of visual security cues in web browsers

GI '05 Proceedings of Graphics Interface 2005
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing ethical phishing experiments: a study of (ROT13) rOnl query features

Proceedings of the 15th international conference on World Wide Web
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Messin' with texas deriving mother's maiden names using public records

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security

Delayed password disclosure

ACM SIGACT News
Threat Modelling in User Performed Authentication

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Mixed-initiative security agents

Proceedings of the 2nd ACM workshop on Security and artificial intelligence
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Targeted risk communication for computer security

Proceedings of the 16th international conference on Intelligent user interfaces
Does domain highlighting help people identify phishing sites?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper reports the highlights of a user study which gauges reactions to a variety of common "trust indicators" - such as logos, third party endorsements, and padlock icons - over a selection of authentic and phishing stimuli. In the course of the think-aloud protocol, participants revealed different sensitivities to email messages and web pages. Our principal result is the analysis of what makes phishing emails and web pages appear authentic. This is not only of interest from a pure scientific point of view, but can also guide the design of legitimate material to avoid unnecessary risks. A second result of ours are observations of what makes legitimate content appear dubious to consumers. This is a result with obvious applications to online advertising.