TY - GEN
T1 - Effectiveness of a phishing warning in field settings
AU - Yang, Weining
AU - Chen, Jing
AU - Xiong, Aiping
AU - Proctor, Robert W.
AU - Li, Ninghui
N1 - Publisher Copyright:
Copyright is held by the owner/author(s).
PY - 2015/4/21
Y1 - 2015/4/21
N2 - We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.
AB - We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.
UR - http://www.scopus.com/inward/record.url?scp=84986538270&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84986538270&partnerID=8YFLogxK
U2 - 10.1145/2746194.2746208
DO - 10.1145/2746194.2746208
M3 - Conference contribution
AN - SCOPUS:84986538270
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 2015 Symposium and Bootcamp on the Science of Security, HotSoS 2015
PB - Association for Computing Machinery
T2 - Symposium and Bootcamp on the Science of Security, HotSoS 2015
Y2 - 21 April 2015 through 22 April 2015
ER -