Effectiveness of a phishing warning in field settings

Weining Yang, Jing Chen, Aiping Xiong, Robert W. Proctor, Ninghui Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.

Original language: English (US)
Title of host publication: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450333764
DOIs: https://doi.org/10.1145/2746194.2746208
State: Published - Apr 21 2015
Event: Symposium and Bootcamp on the Science of Security, HotSoS 2015 - Urbana, United States
Duration: Apr 21 2015 → Apr 22 2015

Publication series

Name: ACM International Conference Proceeding Series
Volume: 21-22-April-2015

Other

Other: Symposium and Bootcamp on the Science of Security, HotSoS 2015
Country: United States
City: Urbana
Period: 4/21/15 → 4/22/15

Fingerprint

Electronic mail
Telecommunication links
Experiments

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Yang, W., Chen, J., Xiong, A., Proctor, R. W., & Li, N. (2015). Effectiveness of a phishing warning in field settings. In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015 [2746208] (ACM International Conference Proceeding Series; Vol. 21-22-April-2015). Association for Computing Machinery. https://doi.org/10.1145/2746194.2746208