Visible to the public Alexa in Phishingland: Empirical Assessment of Susceptibility to Phishing Pretexting in Voice Assistant Environments

TitleAlexa in Phishingland: Empirical Assessment of Susceptibility to Phishing Pretexting in Voice Assistant Environments
Publication TypeConference Paper
Year of Publication2021
AuthorsSharevski, Filipo, Jachim, Peter
Conference Name2021 IEEE Security and Privacy Workshops (SPW)
Date Publishedmay
KeywordsAmazon Alexa, Conferences, Electronic mail, Human Behavior, IoT security, phishing, Phishing Susceptibility, privacy, pubcrawl, security, Virtual assistants, Voice assistant security
AbstractThis paper investigates what cues people use to spot a phishing email when the email is spoken back to them by the Alexa voice assistant, instead of read on a screen. We configured Alexa to read there emails to a sample of 52 participants and ask for their phishing evaluations. We also asked a control group of another 52 participants to evaluate these emails on a regular screen to compare the plausibility of phishing pretexting in voice assistant environments. The results suggest that Alexa can be used for pretexting users that lack phishing awareness to receive and act upon a relatively urgent email from an authoritative sender. Inspecting the sender (authority cue") and relying on their personal experiences helped participants with higher phishing awareness to use Alexa towards a preliminary email screening to flag an email as potentially "phishing."
DOI10.1109/SPW53761.2021.00034
Citation Keysharevski_alexa_2021