I discuss a range of human factors issues for cybersecurity, in particular cybersecurity awareness and education. Topics include mental models, user interfaces, and simulated attacks.
On the left is a Nissan Maxima gear shift. It turns out my brother was driving in 3rd gear for over a year before I pointed out to him that 3 and D are separate. The older Nissan Maxima gear shift on the right makes it hard to make this mistake.
These findings led us to think about how to educate and train people about phishing attacks…
http://news.cnet.com/21007350_361252132.html
Assume that this is your email inbox and, among other emails, you get this email from Amazon that looks just like a legitimate email from Amazon. When you open the email …
You will see this, which looks legitimate, and with the data that we have, we know that most of the users will click on the link. When they click on the link they will see …
P. Kumaraguru et al. Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System. CHI 2007.
P. Kumaraguru et al. Getting Users to Pay Attention to Anti-Phishing Education: Evaluation of Retention and Transfer. eCrime 2007.
Our evaluation of several blacklists shows they catch ~80% of phish after 24 hours, but are not very good in the first few hours. They also only catch “shotgun phish” rather than spear-phish.
S. Egelman, L. Cranor, and J. Hong. You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings. CHI 2008.