Online social engineering attacks have been often used for cybercrime activities. These attacks are low cost and complicate attack attribution. Pure technical defense solutions cannot counter them, which rely on human gullibility. Humans often engage in short-cut decision-making, which can lead to errors. Another expectation is that users should be able to understand complex security tips, which do not consider user demographics. User age has been overlooked in understanding these attacks and user behavior related to them. This project investigates the influence of user age on the type and the effectiveness of social engineering attacks through user studies involving young and older adults. In this research, participants are first monitored in their homes while using the Internet and receiving age-targeted malicious e-mails. Then, in a lab session involving benign and malicious Internet activities, the experimental group receives age-targeted cues about the attacks. Participants' visual attention is monitored with eye tracking technology. The results of these studies allow the development of a browser extension to cue users in an age-targeted fashion about risky situations online. This project represents a paradigm change: age-targeted security information reaches users at the time they need it, and not the other way around. This research will lead to widespread benefits on Internet safety for end-users, especially to the population of older adults, who will likely be a target of the next generation of social engineering attacks.
EAGER: Age-Targeted Automated Cueing Against Cyber Social Engineering Attacks