One of the most severe and challenging threats to Internet security and privacy is phishing, which uses fake websites to steal users' online identities and sensitive information. Existing studies have evaluated younger users' susceptibility to phishing attacks, but have not paid sufficient attention to elderly users' susceptibility to phishing in realistic environments. As the elderly population in the United States and the world continues to grow rapidly, the elderly Internet user population also continues to grow, and seniors have become very attractive targets for online fraud. Traditional forms of phishing have been prevalent for over a decade; in contrast, web single sign-on phishing is a more modern strategy, with unique characteristics that make it more profitable, insidious, and harder to detect than traditional phishing. The goal of this project is to systematically compare younger and older computer users' susceptibility to both the traditional and the newly emergent web single sign-on phishing. We build a comprehensive computer testbed that measures phishing susceptibility in a realistic environment. We hypothesize that older adults will differ from younger adults in terms of their susceptibility to both types of phishing, and that this susceptibility can be explained by differences in cognitive abilities, specifically executive functioning and decision-making skills. The results of this project will advance our knowledge on how and why elderly users may fall victim to phishing, and will provide a solid basis for researchers to further design effective mechanisms to protect elderly users against phishing from both technical and cognitive perspectives.
EAGER: Investigating Elderly Computer Users' Susceptibility to Phishing