Date of Original Version

2008

Type

Conference Proceeding

Rights Management

© ACM, 2008. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems {978-1-60558-011-1 (2008)} http://doi.acm.org/10.1145/1357054.1357219

Abstract or Description

Many popular web browsers now include active phishing warnings since research has shown that passive warnings are often ignored. In this laboratory study we examine the effectiveness of these warnings and examine if, how, and why they fail users. We simulated a spear phishing attack to expose users to browser warnings. We found that 97% of our sixty participants fell for at least one of the phishing messages that we sent them. However, we also found that when presented with the active warnings, 79% of participants heeded them, which was not the case for the passive warning that we tested—where only one participant heeded the warnings. Using a model from the warning sciences we analyzed how users perceive warning messages and offer suggestions for creating more effective phishing warnings.
