Do Users Focus on the Correct Cues to Differentiate Between Phishing and Genuine Emails?
نویسندگان
چکیده
This paper examines the cues that typically differentiate phishing emails from genuine emails. The research is conducted in two stages. In the first stage, we identify the cues that actually differentiate between phishing and genuine emails. These are the consistency and personalisation of the message, the perceived legitimacy of links and sender, and the presence of spelling or grammatical irregularities. In the second stage, we identify the cues that participants use to differentiate between phishing and genuine emails. This revealed that participants often use cues that are not good indicators of whether an email is phishing or genuine. This includes the presence of legal disclaimers, the quality of visual presentation, and the positive consequences emphasised in the email. This study has implications for education and training and provides a basis for the design and development of targeted and more relevant training and risk communication strategies.
منابع مشابه
Breaching the Human Firewall: Social engineering in Phishing and Spear-Phishing Emails
We examined the influence of three social engineering strategies on users’ judgments of how safe it is to click on a link in an email. The three strategies examined were authority, scarcity and social proof, and the emails were either genuine, phishing or spear-phishing. Of the three strategies, the use of authority was the most effective strategy in convincing users that a link in an email was...
متن کاملManaging Phishing Emails: A Scenario-Based Experiment
In this paper, the authors report on a collaborative research project that investigates how people respond to phishing emails compared to genuine emails and what factors contribute to this behaviour. A scenario-based, role-play experiment was conducted by administering a web-based questionnaire via a series of seminars facilitated by a member of the research team. This questionnaire asked each ...
متن کاملRevisiting Email Spoofing Attacks
The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to impersonate a trusted entity to conduct highly deceptive phishing attacks. In this work, we study email spoofing to answer three key questions: (1) How do email pro...
متن کاملUsing Actions and Intentions to Evaluate Categorical Responses to Phishing and Genuine Emails
While many studies have investigated people’s susceptibility to phishing emails, little attention has been paid to how behavioural responses translate into overall intent when users are not informed they are undertaking a phishing study. This paper examines how well the quantitative multiple-choice categorisation used in such studies reflects the underlying reasoning of the users. The results o...
متن کاملCan we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection
Phishing continues to be a problem for both individuals and organisations, with billions of dollars lost every year. We propose the use of nudges – more specifically social saliency nudges – that aim to highlight important information to the user when evaluating emails. We used Signal Detection Theory to assess the effects of both sender saliency (highlighting important fields from the sender) ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1605.04717 شماره
صفحات -
تاریخ انتشار 2016