DOI: 10.1145/2746194.2746208
poster

Effectiveness of a phishing warning in field settings

Published: 21 April 2015

Abstract

We have begun to investigate the effectiveness of a phishing warning Chrome extension in a field setting of everyday computer use. A preliminary experiment has been conducted in which participants installed and used the extension. They were required to fill out an online browsing behavior questionnaire by clicking on a survey link sent in a weekly email by us. Two phishing attacks were simulated during the study by directing participants to "fake" (phishing) survey sites we created. Almost all participants who saw the warnings on our fake sites input incorrect passwords, but follow-up interviews revealed that only one participant did so intentionally. A follow-up interview revealed that the warning failure was mainly due to the survey task being mandatory. Another finding of interest from the interview was that about 50% of the participants had never heard of phishing or did not understand its meaning.

Published In

HotSoS '15: Proceedings of the 2015 Symposium and Bootcamp on the Science of Security
April 2015
170 pages
ISBN:9781450333764
DOI:10.1145/2746194
  • General Chair: David Nicol
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Sponsors

  • US Army Research Office
  • NSF: National Science Foundation
  • University of Illinois at Urbana-Champaign
  • National Security Agency

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. phishing
  2. phishing warning

Qualifiers

  • Poster

Funding Sources

  • National Security Agency as part of a Science of Security lablet

Conference

HotSoS '15
Sponsor:
  • US Army Research Office
  • NSF
  • National Security Agency

Acceptance Rates

HotSoS '15 Paper Acceptance Rate: 13 of 22 submissions, 59%
Overall Acceptance Rate: 34 of 60 submissions, 57%

Article Metrics

  • Downloads (Last 12 months): 15
  • Downloads (Last 6 weeks): 6

Reflects downloads up to 17 Feb 2025

Cited By

  • (2024) Where Do Users Look When Deciding If a Text Message is Safe or Malicious? Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 68:1 (221-225). DOI: 10.1177/10711813241264204. Online publication date: 12-Aug-2024
  • (2024) Investigating Training and Priming to Combat Phishing on Instagram Shop. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 68:1 (1606-1607). DOI: 10.1177/10711813241261384. Online publication date: 29-Aug-2024
  • (2024) Cognition in Social Engineering Empirical Research: A Systematic Literature Review. ACM Transactions on Computer-Human Interaction, 31:2 (1-55). DOI: 10.1145/3635149. Online publication date: 29-Jan-2024
  • (2021) Phishing Evolves: Analyzing the Enduring Cybercrime. Victims & Offenders, 16:3 (316-342). DOI: 10.1080/15564886.2020.1829224. Online publication date: 16-Feb-2021
  • (2019) Put Your Warning Where Your Link Is. Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (1-15). DOI: 10.1145/3290605.3300748. Online publication date: 2-May-2019
  • (2019) Understanding User Behaviors When Phishing Attacks Occur. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI) (222-222). DOI: 10.1109/ISI.2019.8823468. Online publication date: Jul-2019
  • (2016) Baiting the hook. Human-centric Computing and Information Sciences, 6:1 (1-20). DOI: 10.1186/s13673-016-0065-2. Online publication date: 1-Dec-2016
