Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - October 2015
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska
HARD PROBLEM(S) ADDRESSED
- Human Behavior - Ongoing efforts have focused on understanding how mental models vary between novice users, experts (such as IT professionals), and hackers. That understanding should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security experts (i.e., system administrators), and adversaries seeking to exploit system functionality.
PUBLICATIONS
- Welk, A., Zielinska, O., Tembe, R., Xe, G., Hong, K. W., Murphy-Hill, E., & Mayhorn, C. B. (In press). Will the “Phisher-men” Reel You In? Assessing Individual Differences in a Phishing Detection Task. International Journal of Cyber Behavior, Psychology, and Learning.
ACCOMPLISHMENT HIGHLIGHTS
- We began work on a qualitative study to investigate the content of past phishing emails that were compiled from 2010-2015 and housed in databases published by Cornell (n=618), Arizona State (n=106) and Brown University (n=163).
- Preliminary analyses of results from the 887 emails suggest that a common pretext is a message purporting to come from an IT administrator (30%) in which users are asked to verify account information by clicking on a provided link. In 46.4% of these cases, capital letters are used to attract attention to the message. Observations from the coders also suggest that many attackers unknowingly leave attentional cues that detract from the "success" of the message: users noticed issues such as misspelled words (21.18%) and grammatical errors (34.01%) that alerted them to the illegitimate nature of the message. The stated consequence of not responding to the phishing message was often a loss of access to the user's account (32.42%).
- Ongoing analyses are being conducted to determine whether these trends are steady over time (from 2010-2015) or whether phishers are becoming more careful in their use of attentional cues during message generation. We also plan to compile a set of "more professional" phishing messages that are potentially more likely to be successful in extracting personal information from users than the "red herring" messages that are easily identified.
- Research assistant Olga Zielinska will present her lablet work on the differences between expert and novice mental models of the consequences of phishing at the Annual Meeting of the Human Factors and Ergonomics Society on Oct. 25, 2015.
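As an added illustration (not code from the project or the study), the deception indicators reported in the highlights above can be turned into a simple heuristic screen for incoming mail. The sample messages, regular expressions, misspelling list and thresholds below are constructed assumptions, not the study's coding scheme.

```python
import re

# Constructed sample messages (illustrative only, not taken from the study's corpus).
PHISH = """From: IT Administrator <helpdesk@example-mail.invalid>
Subject: URGENT: VERIFY YOUR ACCOUNT NOW
Your mailbox has exceded its quota. To keep your account active, verify
your account information by clicking on the link below within 24 hours,
or your account will be suspended and access lost.
http://example-mail.invalid/verify"""

BENIGN = """From: Alice <alice@example.invalid>
Subject: Lunch on Thursday
Hi team, the seminar room is booked for 12:30 on Thursday. Agenda attached.
Let me know if the time does not work for you."""

# One pattern per cue from the highlights; patterns, word list and thresholds are assumptions.
IT_ADMIN_SENDER = re.compile(r"^From:.*\b(IT|helpdesk|administrator|system admin)\b", re.I | re.M)
VERIFY_VIA_LINK = re.compile(
    r"verify.{0,60}(account|information).{0,200}(click|link|https?://)", re.I | re.S)
LOSS_OF_ACCESS = re.compile(
    r"(account|access).{0,40}(suspend|deactivat|terminat|disabl|lock|lost|clos)"
    r"|(lose|loss of).{0,20}(account|access)", re.I | re.S)
SHOUTING_WORD = re.compile(r"\b[A-Z]{4,}\b")  # all-caps words of 4+ letters
KNOWN_MISSPELLINGS = {"exceded", "recieve", "verfiy", "informaton"}  # stand-in for a spell-checker

def shouting_words(text: str) -> int:
    """Count all-caps words, the 'capital letters to attract attention' cue."""
    return len(SHOUTING_WORD.findall(text))

def misspellings(text: str) -> list[str]:
    """Return tokens from the constructed misspelling list that occur in the text."""
    words = set(re.findall(r"[a-z']+", text.lower()))
    return sorted(words & KNOWN_MISSPELLINGS)

def score_message(msg: str) -> dict:
    """Flag each deception indicator and return the count of flags as the score."""
    indicators = {
        "it_admin_sender": bool(IT_ADMIN_SENDER.search(msg)),
        "verify_via_link": bool(VERIFY_VIA_LINK.search(msg)),
        "loss_of_access": bool(LOSS_OF_ACCESS.search(msg)),
        "heavy_caps": shouting_words(msg) >= 2,
        "misspelling": bool(misspellings(msg)),
    }
    return {"indicators": indicators, "score": sum(indicators.values())}

if __name__ == "__main__":
    for name, msg in (("phish", PHISH), ("benign", BENIGN)):
        print(name, score_message(msg))
```

A screen like this only surfaces the "red herring" cues the coders found; the "more professional" messages the report plans to study would be expected to score low, which is exactly why user-facing warnings cannot rely on surface cues alone.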
- Approved by NSA
- Human Behavior
- NCSU
- FY14-18
- Oct'15