Phishing emails are semantic attacks that con people into divulging sensitive information using techniques to make the user believe that information is being requested by a legitimate source. In order to develop tools that will be effective in combating these schemes, we first must know how and why people fall for them. This study reports preliminary analysis of interviews with 20 non-expert computer users to reveal their strategies and understand their decisions when encountering possibly suspicious emails. One of the reasons that people may be vulnerable to phishing schemes is that awareness of the risks is not linked to perceived vulnerability or to useful strategies in identifying phishing emails. Rather, our data suggest that people can manage the risks that they are most familiar with, but don't appear to extrapolate to be wary of unfamiliar risks. We explore several strategies that people use, with varying degrees of success, in evaluating emails and in making sense of warnings offered by browsers attempting to help users navigate the web.