Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - October 2014

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska

HARD PROBLEM(S) ADDRESSED

• Human Behavior - This preliminary work in understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing.

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

ACCOMPLISHMENT HIGHLIGHTS

• We have completed data collection from the novices recruited for the mental models experiment. In preparation for the Industry Day Lablet meeting at NCSU on Oct. 24, we plan to recruit our "knowledgeable" sample of computer security professionals so that we can complete data collection on this project. By recruiting from these two diverse samples that vary considerably on security-related knowledge, we hope to expose how novices differ from experts on how they conceptualize system security attributes. Knowledge of these differences in mental models should allow us to recommend interventions that can promote security for all users (but most specifically novices). 
• Preliminary data analysis on this project has been initiated. 
• To demonstrate our knowledge dissemination, we are presenting our Lablet research at the Oct. 24 (Industry Day), a meeting of the Carolinas Chapter of the Human Factors and Ergonomics Society (HFES) on Oct. 23, and at the international conference for HFES in Chicago from Oct. 27-31.