Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

McAlaney, John; Hills, Peter J.

doi:10.3389/fpsyg.2020.01756

Cited by 19 publications

(17 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In RQ1, we identified the nature of cybersecurity attacks being experienced by healthcare organisations, and the articles selected in the review received higher rankings than the papers with a lower ranking. This is due to the fact that several articles reported studies on the impact of ransomware (e.g., WannaCry) [ 20 , 32 , 42 , 43 ] and phishing attacks [ 9 , 10 , 13 , 14 , 15 , 41 , 44 , 45 , 46 , 47 ], to name a few being launched against healthcare organisations.…”

Section: Resultsmentioning

confidence: 99%

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

View full text Add to dashboard Cite

Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed®/MED-LINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.

show abstract

Section: Resultsmentioning

confidence: 99%

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Nifakos

Chandramouli

Nikolaou

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…In particular, researches have investigated the users' gaze behaviors and attention when reading Uniform Resource Locators (URLs) [3], phishing webs [15], and phishing email [16]- [18]. These works illustrate the users' visual processing of phishing contents [3], [15], [17], [19] and the effects of visual aids [18]. The authors in [15] further establish correlations between eye movements and phishing identification to estimate the likelihood that users may fall victim to phishing attacks.…”

Section: B Counterdeception Technologiesmentioning

confidence: 99%

“…Therefore, we need to compress the sensory outcomes and remove the information that hardly contributes to attention evaluation and phishing recognition. Previous works [3], [15], [17] have identified the role of Areas of Interest (AoIs) in helping human users recognize phishing. Thus, we aggregate the potential gaze locations (i.e., pixels of the email area) into a finite number of I AoIs that include the email address, the subject line, the addressee, attachments, hyperlinks, and the phishing indicators such as misspellings and grammar mistakes.…”

Section: Attention Enhancement Mechanismmentioning

confidence: 99%

“…Previous works, e.g., [17], [19], have defined attention metrics based on the AoIs, e.g., the proportion of time spent on each AOI, gaze duration means, fixation count, and average duration. Compared to these low-level metrics extracted directly from eye-gaze data, we propose systemlevel attention metrics based on the sufficient statistics, e.g., v k (t), of the eye-gaze data [s t ] t∈[0,T ] , which preserve the user privacy.…”

Section: Attention Evaluation and Visual-aid Designmentioning

confidence: 99%

See 1 more Smart Citation

ADVERT: An Adaptive and Data-Driven Attention Enhancement Mechanism for Phishing Prevention

Huang,

Jia,

Balcetis

et al. 2021

Preprint

View full text Add to dashboard Cite

Deceptive attacks exploiting the innate and the acquired vulnerabilities of human users have posed severe threats to information and infrastructure security. This work proposes INADVERT, a systematic solution that generates interactive visual aids in real-time to prevent users from inadvertence and counter visual-deception attacks. Based on the eye-tracking outcomes and proper data compression, the INADVERT platform automatically adapts the visual aids to the user's varying attention status captured by the gaze location and duration. We extract system-level metrics to evaluate the user's average attention level and characterize the magnitude and frequency of the user's mind-wandering behaviors. These metrics contribute to an adaptive enhancement of the user's attention through reinforcement learning.To determine the optimal hyper-parameters in the attention enhancement mechanism, we develop an algorithm based on Bayesian optimization to efficiently update the design of the INADVERT platform and maximize the accuracy of the users' phishing recognition.

show abstract

“…Tracking the point of gaze as a window to the internal state of the human mind is a key requirement in cognitive tasks, where it is important to control the attention of human subjects. This application has been the focus of classic studies ( Yarbus, 1967 ), and more recently, the approach has been used not only as a clinical tool to detect neurological and neuropsychiatric disorders by studying the patients’ gaze patterns ( Adhikari and Stark, 2017 ), but also has been shown to be useful in every-day applications, such as analyzing the trustworthiness of phishing emails ( McAlaney and Hills, 2020 ). While there are different existing technologies to eye tracking on the market, an affordable and practical technology is still missing, limiting the use of this technique to a broader audience.…”

Section: Introductionmentioning

confidence: 99%

A Deep Learning-Based Approach to Video-Based Eye Tracking for Human Psychophysics

Zdarsky

Treue

Esghaei

2021

Front. Hum. Neurosci.

View full text Add to dashboard Cite

Real-time gaze tracking provides crucial input to psychophysics studies and neuromarketing applications. Many of the modern eye-tracking solutions are expensive mainly due to the high-end processing hardware specialized for processing infrared-camera pictures. Here, we introduce a deep learning-based approach which uses the video frames of low-cost web cameras. Using DeepLabCut (DLC), an open-source toolbox for extracting points of interest from videos, we obtained facial landmarks critical to gaze location and estimated the point of gaze on a computer screen via a shallow neural network. Tested for three extreme poses, this architecture reached a median error of about one degree of visual angle. Our results contribute to the growing field of deep-learning approaches to eye-tracking, laying the foundation for further investigation by researchers in psychophysics or neuromarketing.

show abstract

Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking

Cited by 19 publications

References 26 publications

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review

ADVERT: An Adaptive and Data-Driven Attention Enhancement Mechanism for Phishing Prevention

A Deep Learning-Based Approach to Video-Based Eye Tracking for Human Psychophysics

Contact Info

Product

Resources

About