Protecting people from phishing: the design and evaluation of an embedded training email system

Authors:
Ponnurangam Kumaraguru;Yong Rhee;Alessandro Acquisti;Lorrie Faith Cranor;Jason Hong;Elizabeth Nunge
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2007

Citing 12
Cited 20

Multimedia Learning

Multimedia Learning
Trusted Paths for Browsers

Proceedings of the 11th USENIX Security Symposium
Phishing: Cutting the Identity Theft Line

Phishing: Cutting the Identity Theft Line
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Phishing Exposed

Phishing Exposed
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing ethical phishing experiments: a study of (ROT13) rOnl query features

Proceedings of the 15th international conference on World Wide Web
Don't be a phish: steps in user education

Proceedings of the 11th annual SIGCSE conference on Innovation and technology in computer science education
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Trust modelling for online transactions: a phishing scenario

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
e-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning

e-Learning and the Science of Instruction: Proven Guidelines for Consumers and Designers of Multimedia Learning

Cantina: a content-based approach to detecting phishing web sites

Proceedings of the 16th international conference on World Wide Web
Improving security decisions with polymorphic and audited dialogs

Proceedings of the 3rd symposium on Usable privacy and security
Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish

Proceedings of the 3rd symposium on Usable privacy and security
Behavioral response to phishing risk

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Getting users to pay attention to anti-phishing education: evaluation of retention and transfer

Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
You've been warned: an empirical study of the effectiveness of web browser phishing warnings

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
E-Mail Classification for Phishing Defense

ECIR '09 Proceedings of the 31th European Conference on IR Research on Advances in Information Retrieval
School of phish: a real-world evaluation of anti-phishing training

Proceedings of the 5th Symposium on Usable Privacy and Security
Adaptive Security Dialogs for Improved Security Behavior of Users

INTERACT '09 Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction: Part I
Browser interfaces and extended validation SSL certificates: an empirical study

Proceedings of the 2009 ACM workshop on Cloud computing security
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
BogusBiter: A transparent protection against phishing attacks

ACM Transactions on Internet Technology (TOIT)
Teaching Johnny not to fall for phish

ACM Transactions on Internet Technology (TOIT)
Performance analysis of email systems under three types of attacks

Performance Evaluation
F for fake: four studies on how we fall for phish

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A study of feature subset evaluators and feature subset searching methods for phishing classification

Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
The Influence of Experiential and Dispositional Factors in Phishing: An Empirical Investigation of the Deceived

Journal of Management Information Systems
Secret information display based authentication technique towards preventing phishing attacks

Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Preventing the revealing of online passwords to inappropriate websites with logininspector

lisa'12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
A game design framework for avoiding phishing attacks

Computers in Human Behavior

Quantified Score

Hi-index	0.01

Visualization

Abstract

Phishing attacks, in which criminals lure Internet users to websites that impersonate legitimate sites, are occurring with increasing frequency and are causing considerable harm to victims. In this paper we describe the design and evaluation of an embedded training email system that teaches people about phishing during their normal use of email. We conducted lab experiments contrasting the effectiveness of standard security notices about phishing with two embedded training designs we developed. We found that embedded training works better than the current practice of sending security notices. We also derived sound design principles for embedded training systems.