Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - January 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska

HARD PROBLEM(S) ADDRESSED

• Human Behavior - Ongoing efforts have focused on understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security-experts (i.e., system administrators), and adversaries seeking to exploit system functionality. 

PUBLICATIONS
 

ACCOMPLISHMENT HIGHLIGHTS

• Xi Ge (former student) and Emerson Murphy-Hill developed a draft of a manuscript possibly for publication at ACM Interactions that is titled "An exploration of cultural similarities and differences in conceptualizing phishing." This article highlights similiarities and differences in how Indian, Chinese, and Americans conceptualize information security but, unlike previous presentations on the topic, addresses how developers might make practical use of this information in a magazine-like format.

• We are continuing the analysis of the qualitative study to investigate the content of past phishing emails that were compiled from 2010-2015 and housed in databases published by Cornell (n=618), Arizona State (n=106) and Brown University (n=163). Analyses indicate that the majority of entries into the dataset were reported within the 2011-2012 timeframe and that more than 80% utilized a link mechanism for phishing where people were requested to either confirm or update information. Failure to comply with the request would reportedly result in the consequence of account suspension (76.9%) where the sender mentioned a consequence (n=225 emails). 

• Olga Zielinska and Allaire Welk are currently developing proposals for submission to the 3rd Annual HotSoS Conference to be held in Pittsburgh, PA from April 19-21, 2016. Ms. Zielinska plans to submit findings from her work on the qualitative email evaluations listed above while Ms. Allaire (and co-author Carl Pearson) will submit results from an experiment that investigated decision making and the role of reliance on automation.