Effectiveness of a phishing warning in field settings

Weining Yang, Jing Chen, Aiping Xiong, Robert W. Proctor, Ninghui Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.

Original language: English (US)
Title of host publication: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450333764
State: Published - Apr 21 2015
Event: Symposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015 to Apr 22 2015

Publication series

Name: ACM International Conference Proceeding Series
Volume: 21-22-April-2015

Other

Other: Symposium and Bootcamp on the Science of Security, HotSoS 2015
Country: United States
City: Urbana
Period: 4/21/15 to 4/22/15

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Yang, W., Chen, J., Xiong, A., Proctor, R. W., & Li, N. (2015). Effectiveness of a phishing warning in field settings. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015 [2746208] (ACM International Conference Proceeding Series; Vol. 21-22-April-2015). Association for Computing Machinery. https://doi.org/10.1145/2746194.2746208