Technical defenses (such as email filtering, malware detection, firewalls, limited user privileges, and system monitoring) leave systems unnecessarily exposed to phishing attacks because the human attack surface remains easily accessible and subject to successful attacks based on principles of psychology which are exploited using military deception. The authors propose deception countermeasures which modify the email interface, thereby making the user less susceptible to email-based deception.
