Use of phishing training to improve security warning compliance: Evidence from a field experiment

Weining Yang, Aiping Xiong, Jing Chen, Robert W. Proctor, Ninghui Li

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

39 Scopus citations

Abstract

The current approach to protect users from phishing attacks is to display a warning when the webpage is considered suspicious. We hypothesize that users are capable of making correct informed decisions when the warning also conveys the reasons why it is displayed. We chose to use traffic rankings of domains, which can be easily described to users, as a warning trigger and evaluated the effect of the phishing warning message and phishing training. The evaluation was conducted in a field experiment. We found that knowledge gained from the training enhances the effectiveness of phishing warnings, as the number of participants being phished was reduced. However, the knowledge by itself was not sufficient to provide phishing protection. We suggest that integrating training in the warning interface, involving traffic ranking in phishing detection, and explaining why warnings are generated will improve current phishing defense.

Original language: English (US)
Title of host publication: HoTSoS 2017 - Symposium and Bootcamp
Subtitle of host publication: Hot Topics in the Science of Security
Publisher: Association for Computing Machinery
Pages: 52-61
Number of pages: 10
ISBN (Electronic): 9781450352741
State: Published - Apr 4 2017
Event: 4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017 - Hanover, United States
Duration: Apr 4 2017 to Apr 5 2017

Publication series

Name: ACM International Conference Proceeding Series
Volume: Part F127186

Conference

Conference: 4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017
Country/Territory: United States
City: Hanover
Period: 4/4/17 to 4/5/17

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
