Designing culturally situated technologies for the home
CHI '03 Extended Abstracts on Human Factors in Computing Systems
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password sharing: implications for security design based on social practice
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Protecting people from phishing: the design and evaluation of an embedded training email system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Cultural theory and real world design: Dystopian and Utopian Outcomes
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Interaction criticism and aesthetics
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Critical dialogue: interaction, experience and cultural theory
CHI '10 Extended Abstracts on Human Factors in Computing Systems
Using visual website similarity for phishing detection and reporting
CHI '12 Extended Abstracts on Human Factors in Computing Systems
A usability test of whitelist and blacklist-based anti-phishing application
Proceeding of the 16th International Academic MindTrek Conference
Hi-index | 0.01 |
This paper reports findings from a multi-method set of four studies that investigate why we continue to fall for phish. Current security advice suggests poor spelling and grammar in emails can be signs of phish. But a content analysis of a phishing archive indicates that many such emails contain no obvious spelling or grammar mistakes and often use convincing logos and letterheads. An online survey of 224 people finds that although phish are detected approximately 80% of the time, those with logos are significantly harder to detect. A qualitative interview study was undertaken to better understand the strategies used to identify phish. Blind users were selected because it was thought they may be more vulnerable to phishing attacks, however they demonstrated robust strategies for identifying phish based on careful reading of emails. Finally an analysis was undertaken of phish as a literary form. This identifies the main literary device employed as pastiche and draws on critical theory to consider why security based pastiche may be currently very persuasive.