| 1. |
- Canova, Gamze, et al.
(author)
-
NoPhish App Evaluation : Lab and Retention Study
- 2015
-
In: NDSS Workshop on Usable Security 2015.
-
Conference paper (peer-reviewed)abstract
- Phishing is a prevalent issue of today’s Internet. Previous approaches to counter phishing do not draw on a crucial factor to combat the threat - the users themselves. We believe user education about the dangers of the Internet is a further key strategy to combat phishing. For this reason, we developed an Android app, a game called –NoPhish–, which educates the user in the detection of phishing URLs. It is crucial to evaluate NoPhish with respect to its effectiveness and the users’ knowledge retention. Therefore, we conducted a lab study as well as a retention study (five months later). The outcomes of the studies show that NoPhish helps users make better decisions with regard to the legitimacy of URLs immediately after playing NoPhish as well as after some time has passed. The focus of this paper is on the description and the evaluation of both studies. This includes findings regarding those types of URLs that are most difficult to decide on as well as ideas to further improve NoPhish.
|
|
| 2. |
- Kulyk, Oksana, et al.
(author)
-
Advancing Trust Visualisations for Wider Applicability and User Acceptance
- 2017
-
In: Trustcom/BigDataSE/ICESS, 2017 IEEE. - Piscataway : IEEE. - 9781509049066 - 9781509049073 ; , s. 562-569
-
Conference paper (peer-reviewed)abstract
- There are only a few visualisations targeting the communication of trust statements. Even though there are some advanced and scientifically founded visualisations-like, for example, the opinion triangle, the human trust interface, and T-Viz-the stars interface known from e-commerce platforms is by far the most common one. In this paper, we propose two trust visualisations based on T-Viz, which was recently proposed and successfully evaluated in large user studies. Despite being the most promising proposal, its design is not primarily based on findings from human-computer interaction or cognitive psychology. Our visualisations aim to integrate such findings and to potentially improve decision making in terms of correctness and efficiency. A large user study reveals that our proposed visualisations outperform T-Viz in these factors
|
|
| 3. |
|
|
| 4. |
- Kulyk, Oksana, et al.
(author)
-
Sharing Information with Web Services : A Mental Model Approach in the Context of Optional Information
- 2017
-
In: Human Aspects of Information Security, Privacy and Trust. - Cham : Springer. ; , s. 675-690
-
Conference paper (peer-reviewed)abstract
- Web forms are a common way for web service providers to collect data from their users. Usually, the users are asked for a lot of information while some items are labeled as optional and others as mandatory. When filling in the web form, users have to decide, which data, often of personal and sensitive nature, they want to share. The factors that influence the decision whether or not to share some information has been studied in the literature in various contexts. However, it is unclear to which extent their results can be transferred to other contexts. In this work we conduct a qualitative user study to verify, whether the reasons for sharing optional information from previous studies [12] are relevant for the context of interacting with a commercial website. We found, that only a few of them were named by the participants of our study.
|
|
| 5. |
- Neumann, Stephan, et al.
(author)
-
Don’t Be Deceived : The Message Might Be Fake
- 2017
-
In: Trust, Privacy and Security in Digital Business, Trustbus 2017. - Cham : Springer. - 9783319644820 - 9783319644837 ; , s. 199-214
-
Conference paper (peer-reviewed)abstract
- In an increasingly digital world, fraudsters, too, exploit this new environment and distribute fraudulent messages that trick victims into taking particular actions. There is no substitute for making users aware of scammers’ favoured techniques and giving them the ability to detect fraudulent messages. We developed an awareness-raising programme, specifically focusing on the needs of small and medium-sized enterprises (SMEs). The programme was evaluated in the field. The participating employees demonstrated significantly improved skills in terms of ability to classify messages as fraudulent or genuine. Particularly with regard to one of the most widespread attack types, namely fraudulent messages with links that contain well-known domains as sub-domains of generic domains, recipients of the programme improved their recognition rates from \(56.6\%\) to \(88\%\). Thus, the developed security awareness-raising programme contributes to improving the security in SMEs.
|
|
| 6. |
- Stockhardt, Simon, et al.
(author)
-
Teaching Phishing-Security: Which Way is Best?
- 2016
-
In: ICT Systems Security and Privacy Protection. - Cham : Springer. - 9783319336299 - 9783319336305 ; , s. 135-149
-
Conference paper (peer-reviewed)
|
|
| 7. |
- Volkamer, Melanie, et al.
(author)
-
Design and Field Evaluation of PassSec : Raising and Sustaining Web Surfer Risk Awareness
- 2015
-
In: Trust and Trustworthy Computing, Trust 2015. - Cham : Springer. - 9783319228464 - 9783319228457 ; , s. 104-122
-
Conference paper (peer-reviewed)abstract
- This paper presents PassSec, a Firefox Add-on that raises user awareness about safe and unsafe password entry while they surf the web. PassSec comprises a two-stage approach: highlighting as the web page loads, then bringing up a just-in-time helpful dialogue when the user demonstrates an intention to enter a password on an unsafe web page. PassSec was developed using a human-centred design approach. We performed a field study with 31 participants that showed that PassSec significantly reduces the number of logins on websites where password entry is unsafe.
|
|
| 8. |
|
|
| 9. |
- Volkamer, Melanie, et al.
(author)
-
User experiences of TORPEDO : TOoltip-powered phishing email DetectiOn
- 2017
-
In: Computers & security (Print). - : Elsevier. - 0167-4048 .- 1872-6208. ; 71, s. 110-113
-
Journal article (peer-reviewed)abstract
- We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.
|
|
