Can We Fight Social Engineering Attacks By Social Means? Assessing Social Salience as a Means to Improve Phish Detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Phishing continues to be a problem for both individuals and organisations, with billions of dollars lost every year. We propose the use of nudges – more specifically social saliency nudges that aim to highlight important information to the user when evaluating emails. We used a signal detection analysis to assess the effects of both sender saliency (highlighting important fields from the sender) and receiver saliency (showing numbers of other users in receipt of the same email). Sender saliency improved phish detection but did not introduce any unwanted response bias. Users were asked to rate their confidence in their own judgements and these confidence scores were poorly calibrated with actual performance, particularly for phishing (as opposed to genuine) emails. We also examined the role of impulsive behaviour on phish detection, concluding that those who score highly on dysfunctional impulsivity are less likely to detect the presence of phishing emails.
Original language: English
Title of host publication: Proceedings of the 13th Symposium on Usable Privacy and Security (SOUPS 2017)
Subtitle of host publication: Santa Clara, CA, USA, July 12–14, 2017
Publisher: Usenix
Pages: 285-298
Number of pages: 14
ISBN (Electronic): 9781931971393
Publication status: Published - 12 Jul 2017
Event: 13th Symposium on Usable Privacy and Security, SOUPS 2017 - Santa Clara, United States
Duration: 12 Jul 2017 → 14 Jul 2017

Conference

Conference: 13th Symposium on Usable Privacy and Security, SOUPS 2017
Country: United States
City: Santa Clara
Period: 12/07/17 → 14/07/17
