Can We Fight Social Engineering Attacks By Social Means? Assessing Social Salience as a Means to Improve Phish Detection

Nicholson, James, Coventry, Lynne and Briggs, Pamela (2017) Can We Fight Social Engineering Attacks By Social Means? Assessing Social Salience as a Means to Improve Phish Detection. In: Symposium on Usable Privacy and Security (SOUPS) 2017, 12th - 14th July 2017, Santa Clara, CA, USA. (In Press)

[img]
Preview
Text (Full text)
Nicholson et al - Can We Fight Social Engineering Attacks By Social Means.pdf - Accepted Version

Download (2MB) | Preview

Abstract

Phishing continues to be a problem for both individuals and organisations, with billions of dollars lost every year. We propose the use of nudges – more specifically social saliency nudges that aim to highlight important information to the user when evaluating emails. We used a signal detection analysis to assess the effects of both sender saliency (highlighting important fields from the sender) and receiver saliency (showing numbers of other users in receipt of the same email). Sender saliency improved phish detection but did not introduce any unwanted response bias. Users were asked to rate their confidence in their own judgements and these confidence scores were poorly calibrated with actual performance, particularly for phishing (as opposed to genuine) emails. We also examined the role of impulsive behaviour on phish detection, concluding that those who score highly on dysfunctional impulsivity are less likely to detect the presence of phishing emails.

Item Type: Conference or Workshop Item (Paper)
Subjects: C800 Psychology
G900 Others in Mathematical and Computing Sciences
Department: Faculties > Health and Life Sciences > School of Life Sciences > Psychology
Related URLs:
Depositing User: James Nicholson
Date Deposited: 26 May 2017 12:13
Last Modified: 13 Jul 2017 09:34
URI: http://nrl.northumbria.ac.uk/id/eprint/30862

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics


Policies: NRL Policies | NRL University Deposit Policy | NRL Deposit Licence