Nikolas Pilavakis, Adam Jenkins, Nadin Kokciyan, Kami Vaniea (University of Edinburgh)

When people identify potential malicious phishing emails one option they have is to contact a help desk to report it and receive guidance. While there is a great deal of effort put into helping people identify such emails and to encourage users to report them, there is relatively little understanding of what people say or ask when contacting a help desk about such emails. In this work, we qualitatively analyze a random sample of 270 help desk phishing tickets collected across nine months. We find that when reporting or asking about phishing emails, users often discuss evidence they have observed or gathered, potential impacts they have identified, actions they have or have not taken, and questions they have. Some users also provide clear arguments both about why the email really is phishing and why the organization needs to take action about it.

View More Papers

Work in Progress: A Comparative Long-Term Study of Fallback...

Philipp Markert, Maximilian Golla (Ruhr University Bochum); Elizabeth Stobert (National Research Council of Canada); Markus Dürmuth (Ruhr University Bochum)

Read More

Adventures in Wonderland: Automotive Cyber beyond the CAN Bus

Michael Westra (In-Vehicle Cyber Security Technical Manager, Ford)

Read More

Thwarting Smartphone SMS Attacks at the Radio Interface Layer

Haohuang Wen (Ohio State University), Phillip Porras (SRI International), Vinod Yegneswaran (SRI International), Zhiqiang Lin (Ohio State University)

Read More

RoVISQ: Reduction of Video Service Quality via Adversarial Attacks...

Jung-Woo Chang (University of California San Diego), Mojan Javaheripi (University of California San Diego), Seira Hidano (KDDI Research, Inc.), Farinaz...

Read More