Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - April 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska

HARD PROBLEM(S) ADDRESSED

• Human Behavior - Ongoing efforts have focused on understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security-experts (i.e., system administrators), and adversaries seeking to exploit system functionality. 

PUBLICATIONS

• Olga A. Zielinska, Allaire K. Welk, Emerson Murphy-Hill, Christopher B. Mayhorn.  2016.  A temporal analysis of persuasion principles in phishing emails. Human Factors and Ergonomics Society 60th Annual Meeting.

• Olga A. Zielinska, Allaire K. Welk, Murphy-Hill, Emerson, Mayhorn, Christopher B..  2016.  The underlying phish: Examining the social psychological principles hidden in the phishing email message. Symposium and Bootcamp on the Science of Security..

• C. Pearson, Allaire K. Welk, Mayhorn, Christopher B..  2016.  In automation we trust: Identifying varying levels of trust in human and automated information sources. Human Factors and Ergonomics Society 60th Annual Meeting.

• C. Pearson, Allaire K. Welk, W. Boettcher, R. Mayer, S. Streck, J. Simons-Rodolph, Mayhorn, Christopher B..  2016.  Differences in trust between human and automated decision aids. Symposium and Bootcamp on the Science of Security.

ACCOMPLISHMENT HIGHLIGHTS

• In preparation for the next experiment where we will investigate the relationship between personality characteristics and persuasion techniques used in particular phishing messages, an IRB application has been submitted to both NCSU and Leslie Pool at the NSA. IRB status has been approved and programming of the Qualtrics tool is underway with data collection to begin in late April.