Shakthidhar Reddy Gopavaram (Indiana University), Jayati Dev (Indiana University), Marthie Grobler (CSIRO’s Data61), DongInn Kim (Indiana University), Sanchari Das (University of Denver), L. Jean Camp (Indiana University)

Phishing is a ubiquitous global problem that is both the simple crime of theft of authenticating information and the first step in advanced persistent attack chains. Despite receiving worldwide attention and investments in targeted anti-phishing campaigns, a large proportion of people are still vulnerable to phishing. This is not only due to the evolution of phishing attacks, but also due to the diversity of those exposed to phishing attacks in terms of demographics, jurisdiction, and technical expertise. To explore phishing resilience, we conducted a cross-national study to identify demographic and other factors that might have an impact on phishing resilience across nations. Specifically, we recruited 250 participants from the United States, Australia, New Zealand, Canada, and the United Kingdom to observe their responses to phishing websites in a simulated environment. We identified how factors including demographics, knowledge, skills, website familiarity, and self-reported risk assessment behaviors relate to efficacy in phishing detection. While participants’ phishing knowledge, familiarity with the target website, and their reported use of the lock icon as a phishing indicator increases participants’ probability of correctly identifying a legitimate website, we found that these factors did not specifically make them more resilient to phishing attacks. Our results further show that computer expertise has a significant positive impact on phishing resilience and that increased age correlates with the probability of misconstruing a phishing site as legitimate. These findings were applicable across all five countries in our study.

View More Papers

Polypyus – The Firmware Historian

Jan Friebertshauser, Florian Kosterhon, Jiska Classen, Matthias Hollick (Secure Mobile Networking Lab, TU Darmstad)

Read More

A First Look at Scams on YouTube

Elijah Bouma-Sims, Bradley Reaves (North Carolina State University)

Read More

V2X Security: Status and Open Challenges

Jonathan Petit (Director Of Engineering at Qualcomm Technologies) Dr. Jonathan Petit is Director of Engineering at Qualcomm Technologies, Inc., where...

Read More

Refining Indirect Call Targets at the Binary Level

Sun Hyoung Kim (Penn State), Cong Sun (Xidian University), Dongrui Zeng (Penn State), Gang Tan (Penn State)

Read More