Visible to the public Effectiveness of a phishing warning in field settings

TitleEffectiveness of a phishing warning in field settings
Publication TypeConference Proceedings
Year of Publication2015
AuthorsYang, Weining, Chen, Jing, Xiong, Aiping, Proctor, Robert W, Li, Ninghui
Conference NameProceedings of the 2015 Symposium and Bootcamp on the Science of Security
Pagination14
PublisherACM
KeywordsA Human Information-Processing Analysis of Online Deception Detection
Abstract

We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.

Citation Keyyang2015effectiveness

Other available formats:

a14-yang.pdf