Understanding Security Behavior of Real Users: Analysis of a Phishing Study
Files
Date
2021-01-05
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
7163
Ending Page
Alternative Title
Abstract
This paper presents a set of statistical analyses on an empirical study of phishing email sorting by real online users. Participants were assigned to multitasking and/or incentive conditions in unattended web-based tasks that are the most realistic in any comparable study to date. Our three stages of analyses included logistic regression models to identify individual phishing “cues” contributing to successful classifications, statistical significance tests assessing the links between participants’ training experience and self-assessments of success to their actual performance, significance tests searching for significant demographic factors influencing task completion performance, and lastly k-means clustering based on a range of performance measures and utilizing participants’ demographic attributes. In particular, the results indicate that multitasking and incentives create complex dynamics while demographic traits and cybersecurity training can be informative predictors of user security behavior. These findings strongly support the benefits of security training and education and advocate for customized and differentiated interventions to increase users’ success of correctly identifying phishing emails.
Description
Keywords
Security and Privacy Aspects of Human-Computer-Interactions, demographic analysis, empirical study, phishing, security, user behavior
Citation
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 54th Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.