Eyes on the Phish(er): Towards Understanding Users' Email Processing Pattern and Mental Models in Phishing Detection
0
Sign in to get full access
Overview
- Researchers examined how users process and detect phishing emails
- Conducted eye-tracking experiments to understand users' visual attention and mental models
- Identified key indicators that influenced users' phishing detection abilities
Plain English Explanation
The researchers in this study wanted to understand how people identify and detect phishing emails. They conducted experiments where they tracked people's eye movements as they looked at emails to see what parts of the emails they focused on. This helped the researchers understand the mental processes and "mental models" people use when deciding if an email is real or a phishing attempt.
The key findings from this research include identifying specific indicators that influence people's ability to spot phishing emails, such as the sender's email address, the content of the email, and visual cues. The researchers also found that people's past experiences and expectations about what a legitimate email should look like play a big role in their ability to detect phishing attempts.
By understanding these mental models and attention patterns, the researchers hope to develop better ways to train people to recognize phishing emails and protect themselves from these types of online scams.
Technical Explanation
The researchers conducted a series of eye-tracking experiments to study how users process and detect phishing emails. Participants were shown a mix of legitimate and phishing emails while their eye movements were recorded. This allowed the researchers to see what parts of the emails users focused on and for how long.
The analysis of the eye-tracking data revealed several key phishing indicators that influenced users' ability to detect phishing attempts. These included the sender's email address, the content and tone of the email, and visual cues like logos and formatting.
The researchers also found that users' past experiences and mental models about what a legitimate email should look like played a significant role in their phishing detection abilities. Users tended to focus more on areas of the email that matched their expectations, and were less likely to scrutinize areas that seemed consistent with a real message.
By understanding these cognitive processes, the researchers hope to develop more effective phishing awareness training and phishing detection systems that can better account for how users actually engage with and interpret emails.
Critical Analysis
The researchers acknowledge several limitations in their study. The experiments were conducted in a controlled lab setting, which may not fully capture the real-world context and distractions users face when processing emails. Additionally, the sample size, while typical for eye-tracking studies, may not be representative of the broader population.
The researchers also note that their findings are based on a single interaction with each email, whereas in practice users may revisit messages or receive follow-up communications that could shape their overall assessment. Further research is needed to understand how users' phishing detection evolves over time and across multiple interactions.
It would also be valuable to explore how factors like email visual similarity and the use of personalization or social engineering tactics influence users' mental models and attention patterns. Incorporating these additional variables could lead to a more comprehensive understanding of phishing susceptibility.
Conclusion
This study provides valuable insights into the cognitive processes and mental models that users employ when detecting phishing emails. By identifying key indicators that influence phishing susceptibility, the researchers have laid the groundwork for developing more effective phishing awareness training and detection systems.
However, further research is needed to account for the real-world complexity and evolving nature of phishing attacks. Expanding the scope of this work to consider additional factors and longitudinal user interactions could lead to a deeper understanding of how to best protect individuals and organizations from these persistent online threats.
This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!
Related Papers
0
Eyes on the Phish(er): Towards Understanding Users' Email Processing Pattern and Mental Models in Phishing Detection
Sijie Zhuo, Robert Biddle, Jared Daniel Recomendable, Giovanni Russello, Danielle Lottridge
Phishing emails typically masquerade themselves as reputable identities to trick people into providing sensitive information and credentials. Despite advancements in cybersecurity, attackers continuously adapt, posing ongoing threats to individuals and organisations. While email users are the last line of defence, they are not always well-prepared to detect phishing emails. This study examines how workload affects susceptibility to phishing, using eye-tracking technology to observe participants' reading patterns and interactions with tailored phishing emails. Incorporating both quantitative and qualitative analysis, we investigate users' attention to two phishing indicators, email sender and hyperlink URLs, and their reasons for assessing the trustworthiness of emails and falling for phishing emails. Our results provide concrete evidence that attention to the email sender can reduce phishing susceptibility. While we found no evidence that attention to the actual URL in the browser influences phishing detection, attention to the text masking links can increase phishing susceptibility. We also highlight how email relevance, familiarity, and visual presentation impact first impressions of email trustworthiness and phishing susceptibility.
Read more9/14/2024
🔎
0
A Quantitative Study of SMS Phishing Detection
Daniel Timko, Daniel Hernandez Castillo, Muhammad Lutfor Rahman
With the booming popularity of smartphones, threats related to these devices are increasingly on the rise. Smishing, a combination of SMS (Short Message Service) and phishing has emerged as a treacherous cyber threat used by malicious actors to deceive users, aiming to steal sensitive information, money or install malware on their mobile devices. Despite the increase in smishing attacks in recent years, there are very few studies aimed at understanding the factors that contribute to a user's ability to differentiate real from fake messages. To address this gap in knowledge, we have conducted an online survey on smishing detection with 187 participants. In this study, we presented them with 16 SMS screenshots and evaluated how different factors affect their decision making process in smishing detection. Next, we conducted a post-survey to garner information on the participants' security attitudes, behavior and knowledge. Our results highlighted that attention and security behavioral scores had a significant impact on participants' accuracy in identifying smishing messages. We found that participants had more difficulty identifying real messages from fake ones, with an accuracy of 67.1% with fake messages and 43.6% with real messages. Our study is crucial in developing proactive strategies to encounter and mitigate smishing attacks. By understanding what factors influence smishing detection, we aim to bolster users' resilience against such threats and create a safer digital environment for all.
Read more5/31/2024
💬
0
Large Language Models Spot Phishing Emails with Surprising Accuracy: A Comparative Analysis of Performance
Het Patel, Umair Rehman, Farkhund Iqbal
Phishing, a prevalent cybercrime tactic for decades, remains a significant threat in today's digital world. By leveraging clever social engineering elements and modern technology, cybercrime targets many individuals, businesses, and organizations to exploit trust and security. These cyber-attackers are often disguised in many trustworthy forms to appear as legitimate sources. By cleverly using psychological elements like urgency, fear, social proof, and other manipulative strategies, phishers can lure individuals into revealing sensitive and personalized information. Building on this pervasive issue within modern technology, this paper aims to analyze the effectiveness of 15 Large Language Models (LLMs) in detecting phishing attempts, specifically focusing on a randomized set of 419 Scam emails. The objective is to determine which LLMs can accurately detect phishing emails by analyzing a text file containing email metadata based on predefined criteria. The experiment concluded that the following models, ChatGPT 3.5, GPT-3.5-Turbo-Instruct, and ChatGPT, were the most effective in detecting phishing emails.
Read more6/10/2024
0
Phishing Website Detection through Multi-Model Analysis of HTML Content
Furkan c{C}olhak, Mert .Ilhan Ecevit, Bilal Emir Uc{c}ar, Reiner Creutzburg, Hasan Dau{g}
The way we communicate and work has changed significantly with the rise of the Internet. While it has opened up new opportunities, it has also brought about an increase in cyber threats. One common and serious threat is phishing, where cybercriminals employ deceptive methods to steal sensitive information.This study addresses the pressing issue of phishing by introducing an advanced detection model that meticulously focuses on HTML content. Our proposed approach integrates a specialized Multi-Layer Perceptron (MLP) model for structured tabular data and two pretrained Natural Language Processing (NLP) models for analyzing textual features such as page titles and content. The embeddings from these models are harmoniously combined through a novel fusion process. The resulting fused embeddings are then input into a linear classifier. Recognizing the scarcity of recent datasets for comprehensive phishing research, our contribution extends to the creation of an up-to-date dataset, which we openly share with the community. The dataset is meticulously curated to reflect real-life phishing conditions, ensuring relevance and applicability. The research findings highlight the effectiveness of the proposed approach, with the CANINE demonstrating superior performance in analyzing page titles and the RoBERTa excelling in evaluating page content. The fusion of two NLP and one MLP model,termed MultiText-LP, achieves impressive results, yielding a 96.80 F1 score and a 97.18 accuracy score on our research dataset. Furthermore, our approach outperforms existing methods on the CatchPhish HTML dataset, showcasing its efficacies.
Read more7/11/2024