It's all about the Benjamins: An empirical study on incentivizing users to ignore security advice

Nicolas Christin, Serge Egelman, Timothy Vidas, Jens Grossklags

Research output: Chapter in Book/Report/Conference proceedingConference contribution

23 Scopus citations

Abstract

We examine the cost for an attacker to pay users to execute arbitrary code-potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice-not to run untrusted executables-if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.

Original languageEnglish (US)
Title of host publicationFinancial Cryptography and Data Security - 15th International Conference, FC 2011, Revised Selected Papers
Pages16-30
Number of pages15
DOIs
StatePublished - 2012
Event15th International Conference on Financial Cryptography and Data Security, FC 2011 - Gros Islet, Saint Lucia
Duration: Feb 28 2011Mar 4 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7035 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other15th International Conference on Financial Cryptography and Data Security, FC 2011
CountrySaint Lucia
CityGros Islet
Period2/28/113/4/11

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'It's all about the Benjamins: An empirical study on incentivizing users to ignore security advice'. Together they form a unique fingerprint.

Cite this