Visible to the public Exploring expert and novice mental models of phishing

TitleExploring expert and novice mental models of phishing
Publication TypeConference Proceedings
Year of Publication2015
AuthorsOlga Zielinska, Allaire Welk, Christopher B. Mayhorn, Emerson Murphy-Hill
Conference NameHotSoS: Symposium and Bootcamp on the Science of Security
Conference LocationUrbana-Champaign, IL
KeywordsWarning of Phishing Attacks, Supporting Human Information Processing, Identifying Phishin Deception Indicators, and Reducing Vulnerability
Abstract

Experience influences actions people take in protecting themselves against phishing. One way to measure experience is through mental models. Mental models are internal representations of a concept or system that develop with experience. By rating pairs of concepts on the strength of their relationship, networks can be created through Pathfinder, showing an in-depth analysis of how information is organized. Researchers had novice and expert computer users rate three sets of terms related to phishing. The terms were divided into three categories: prevention of phishing, trends and characteristics of phishing attacks, and the consequences of phishing. Results indicated that expert mental models were more complex with more links between concepts. Specifically, experts had sixteen, thirteen, and fifteen links in the networks describing the prevention, trends, and consequences of phishing, respectively; however, novices only had eleven, nine, and nine links in the networks describing prevention, trends, and consequences of phishing, respectively. These preliminary results provide quantifiable network displays of mental models of novices and experts that cannot be seen through interviews. This information could provide a basis for future research on how mental models could be used to determine phishing vulnerability and the effectiveness of phishing training.

Citation Keynode-18823
Refereed DesignationUnknown