Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability - July 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Christopher Mayhorn, Emerson Murphy-Hill
Researchers: Allaire Welk, Olga Zielinska

HARD PROBLEM(S) ADDRESSED

• Human Behavior - Ongoing efforts have focused on understanding how mental models vary between novice users, experts (such as IT professionals), and hackers should be useful in accomplishing the ultimate goal of the work: to build secure systems that reduce user vulnerability to phishing. Moreover, mapping out the mental models that underlie security-related decision making should also inform behavioral models of users, security-experts (i.e., system administrators), and adversaries seeking to exploit system functionality. 

PUBLICATIONS

• Zielinska, Olga, Welk, Allaire, Mayhorn, Christopher B., Murphy-Hill, Emerson.  2016.  The Persuasive Phish: Examining the Social Psychological Principles Hidden in Phishing Emails. Proceedings of the Symposium and Bootcamp on the Science of Security. :126–126. doi: 10.1145/2898375.2898382
  URL: http://doi.acm.org/10.1145/2898375.2898382

• Pearson, Carl J., Welk, Allaire K., Boettcher, William A., Mayer, Roger C., Streck, Sean, Simons-Rudolph, Joseph M., Mayhorn, Christopher B..  2016.  Differences in Trust Between Human and Automated Decision Aids. Proceedings of the Symposium and Bootcamp on the Science of Security. :95–98. doi: 10.1145/2898375.2898385
  URL: http://doi.acm.org/10.1145/2898375.2898385

ACCOMPLISHMENT HIGHLIGHTS

• We are in the process of completing our study of the interaction between personality and susceptibility to different phishing attacks (that vary by persuasion principles) identified from our corpus of phishing stimuli used in previous efforts. We encountered some difficulties with stimulus development but have been able to proceed to populating Qualtrics, the software used to present our stimulus materials. Data collection will begin no later than mid-July. 
• In April, Olga Zielinska's work with the SoS Lablet was featured in the College of Humanities and Social Sciences newsletter at NCSU (see link: http://news.chass.ncsu.edu/2016/04/21/exploring-the-evolution-of-phishing/)