Sciweavers

CHI
2008
ACM

You've been warned: an empirical study of the effectiveness of web browser phishing warnings

15 years 25 days ago
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Many popular web browsers now include active phishing warnings since research has shown that passive warnings are often ignored. In this laboratory study we examine the effectiveness of these warnings and examine if, how, and why they fail users. We simulated a spear phishing attack to expose users to browser warnings. We found that 97% of our sixty participants fell for at least one of the phishing messages that we sent them. However, we also found that when presented with the active warnings, 79% of participants heeded them, which was not the case for the passive warning that we tested--where only one participant heeded the warnings. Using a model from the warning sciences we analyzed how users perceive warning messages and offer suggestions for creating more effective phishing warnings. Author Keywords Phishing, warning messages, mental models, usable privacy and security ACM Classification Keywords
Serge Egelman, Lorrie Faith Cranor, Jason I. Hong
Added 30 Nov 2009
Updated 30 Nov 2009
Type Conference
Year 2008
Where CHI
Authors Serge Egelman, Lorrie Faith Cranor, Jason I. Hong
Comments (0)