Shakthidhar Reddy Gopavaram (Indiana University), Jayati Dev (Indiana University), Marthie Grobler (CSIRO’s Data61), DongInn Kim (Indiana University), Sanchari Das (University of Denver), L. Jean Camp (Indiana University)

Phishing is a ubiquitous global problem that is both the simple crime of theft of authenticating information and the first step in advanced persistent attack chains. Despite receiving worldwide attention and investments in targeted anti-phishing campaigns, a large proportion of people are still vulnerable to phishing. This is not only due to the evolution of phishing attacks, but also due to the diversity of those exposed to phishing attacks in terms of demographics, jurisdiction, and technical expertise. To explore phishing resilience, we conducted a cross-national study to identify demographic and other factors that might have an impact on phishing resilience across nations. Specifically, we recruited 250 participants from the United States, Australia, New Zealand, Canada, and the United Kingdom to observe their responses to phishing websites in a simulated environment. We identified how factors including demographics, knowledge, skills, website familiarity, and self-reported risk assessment behaviors relate to efficacy in phishing detection. While participants’ phishing knowledge, familiarity with the target website, and their reported use of the lock icon as a phishing indicator increases participants’ probability of correctly identifying a legitimate website, we found that these factors did not specifically make them more resilient to phishing attacks. Our results further show that computer expertise has a significant positive impact on phishing resilience and that increased age correlates with the probability of misconstruing a phishing site as legitimate. These findings were applicable across all five countries in our study.

View More Papers

Forward and Backward Private Conjunctive Searchable Symmetric Encryption

Sikhar Patranabis (ETH Zurich), Debdeep Mukhopadhyay (IIT Kharagpur)

Read More

Sn4ke: Practical Mutation Analysis of Tests at Binary Level

Mohsen Ahmadi (Arizona State University), Pantea Kiaei (Worcester Polytechnic Institute), Navid Emamdoost (University of Minnesota)

Read More

HTTPS-Only: Upgrading all connections to https: in Web Browsers

Christoph Kerschbaumer, Julian Gaibler, Arthur Edelstein (Mozilla Corporation), Thyla van der Merwey (ETH Zurich)

Read More