Abstract
This paper reports the findings of an empirical study investigating the effectiveness of using intelligent voice assistants, Amazon Alexa in our case, to deliver phishing training to users. Because intelligent voice assistants can hardly utilize visual cues but provide for convenient interaction with users, we developed an interaction-based phishing training focused on the principles of persuasion, with examples of how to look for them in phishing emails. To test the effectiveness of this training, we conducted a between-subject study in which 120 participants were randomly assigned to three groups (no training, interaction-based training with Alexa, and a facts-and-advice training) and assessed a vignette of 28 emails. The results show that the participants in the interaction-based group statistically outperformed the others when detecting phishing emails that employed the following persuasion principles (and/or combinations of them): authority, authority/scarcity, commitment, commitment/liking, and scarcity/liking. The paper discusses the implications of this result for future phishing training and anti-phishing efforts.
Publisher
Springer Science and Business Media LLC
Subject
Computer Science Applications, Signal Processing
Cited by
2 articles.
1. Exploring the evidence for email phishing training: A scoping review;Computers & Security;2024-04
2. A Survey on the Principles of Persuasion as a Social Engineering Strategy in Phishing;2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2023-11-01