TY - GEN
T1 - Use of phishing training to improve security warning compliance
T2 - 4th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, HoTSoS 2017
AU - Yang, Weining
AU - Xiong, Aiping
AU - Chen, Jing
AU - Proctor, Robert W.
AU - Li, Ninghui
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/4/4
Y1 - 2017/4/4
AB - The current approach to protect users from phishing attacks is to display a warning when the webpage is considered suspicious. We hypothesize that users are capable of making correct informed decisions when the warning also conveys the reasons why it is displayed. We chose to use traffic rankings of domains, which can be easily described to users, as a warning trigger and evaluated the effect of the phishing warning message and phishing training. The evaluation was conducted in a field experiment. We found that knowledge gained from the training enhances the effectiveness of phishing warnings, as the number of participants being phished was reduced. However, the knowledge by itself was not sufficient to provide phishing protection. We suggest that integrating training in the warning interface, involving traffic ranking in phishing detection, and explaining why warnings are generated will improve current phishing defense.
UR - http://www.scopus.com/inward/record.url?scp=85022009974&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85022009974&partnerID=8YFLogxK
U2 - 10.1145/3055305.3055310
DO - 10.1145/3055305.3055310
M3 - Conference contribution
AN - SCOPUS:85022009974
T3 - ACM International Conference Proceeding Series
SP - 52
EP - 61
BT - HoTSoS 2017 - Symposium and Bootcamp
PB - Association for Computing Machinery
Y2 - 4 April 2017 through 5 April 2017
ER -