Abstract. Ever more processes of our daily lives are shifting into the digital realm. Consequently, users face a variety of IT-security threats with possibly severe ramifications. It has been shown that technical measures alone are insufficient to counter all threats. For instance, it takes technical measures on average 32 hours before identifying and blocking phishing websites. Therefore, teaching users how to identify malicious websites is of utmost importance, if they are to be protected at all times. A number of ways to deliver the necessary knowledge to users exist. Among the most broadly used are instructor-based, computer-based and text-based training. We compare all three formats in the security context, or to be more precise in the context of anti-phishing training.
Phishing is a prevalent issue in today's Internet. It can have financial or personal consequences. Attacks continue to become more and more sophisticated and the advanced ones (including spear phishing) can only be detected if people carefully check URLs, be it in messages or in the address bar of the web browser. We developed a game-based smartphone app, NoPhish, to educate people in accessing, parsing and checking URLs; i.e. enabling them to distinguish between trustworthy and non-trustworthy messages and websites. Throughout several levels of the game information is provided and phishing detection is exercised in a playful manner. Several learning principles were applied and the interfaces and texts were developed in a user-centered design.
Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Abstract. Phishing attacks still pose a significant problem and purely technical solutions cannot solve this problem. While research literature in general shows that educating users in security is hard, the Anti-Phishing Landing Page proposed by CMU researchers seems promising as it appears in the most teachable moment, namely once someone clicked on a link and was very likely to fall for phishing. While this page is already in use and exists in many languages we show that it is not effective in Germany as most users leave the page immediately without having read any advice. We therefore explore options to adopt their ideas for Germany. We focus on which are the trustworthy institutes that could provide such a landing page on their web pages and what is an appropriate headline and design.
Purpose – The purpose of this study was to develop and test SCoP. Users find comparing long meaningless strings of alphanumeric characters difficult. While visual hashes – where users compare images rather than strings – have been proposed as an alternative, people are unable to sufficiently distinguish more than 30 bits, which does not provide adequate security against collision attacks. Our goal is to improve the situation. Design/methodology/approach – A visual hash scheme was developed using shapes, colours, patterns and position parameters. It was evaluated in a series of pilot user studies and improved iteratively, leading to SCoP, which encodes 60 distinguishable bits. We tested SCoP further in two follow-up studies, simulating verifying in remote electronic voting and https certificate validation. Findings – Participants attained an average accuracy rate of 97 per cent with SCoP when comparing two visual hash images, one placed above the other. From the follow-up studies, SCoP was seen to be more promising for the https certificate validation use case, with direct image comparison, while a low average accuracy rate in simulating verifiability in remote electronic voting limits its applicability in an image-recall use case. Research limitations/implications – Participants achieved high accuracy rates in unrealistic situations, where the images appeared on the screen at the same time and in the same size. Studies in more realistic situations are therefore necessary. Originality/value – We identify a visual hash scheme encoding a higher number of distinguishable bits than previously reported in literature, and extend the testing to realistic scenarios.
Abstract. Advances in information technology have simplified many processes in our lives. However, in many cases trust issues arise when new technology is introduced, and voting is one prominent example. To increase voters' trust, current e-voting systems provide paper audit trails (PATs) which enable automatic tally and/or manual audit of the election result. PATs may contain only the encrypted vote or the plaintext vote in human-readable and/or machine-readable format. Previous studies report voter privacy concerns with PATs containing additional information (e.g. QR-Codes) other than the human-readable plaintext vote. However, omitting such PATs negatively influences security and/or efficiency. Hence, to address these concerns we applied the coping and threat appraisal principles of the protection motivation theory in the communication process. We evaluated them in separate surveys focused on the EasyVote system [15]. Results show that the coping appraisal is more promising than the threat appraisal approach. While our findings provide novel directions on addressing privacy concerns in the e-voting context, corresponding limitations need to be considered for future user studies.
Phishing is still a widespread problem on the Internet. The consequences of phishing can be both financial and personal in nature. Phishing attacks are becoming more sophisticated and can no longer be identified simply by incorrect spelling or grammar. It is therefore important for Internet users to understand the structure of URLs in order to protect themselves against phishing attacks. The "NoPhish" training we developed is based on the idea of giving users both the necessary awareness and the necessary skills to identify phishing attacks. We evaluated NoPhish empirically in a user study and can show a significant improvement of the participants in these areas.