Home // SECURWARE 2024, The Eighteenth International Conference on Emerging Security Information, Systems and Technologies // View article
Authors:
Meret Kristen
Fabian Engl
Jürgen Mottok
Keywords: Phishing; Security Awareness; Eye-Tracking; IT-Security; Usability and UX.
Abstract:
Phishing remains a significant threat to organizational security, necessitating effective countermeasures. This paper presents findings from an in-depth eye-tracking study with 103 participants, evaluating the effectiveness of phishing awareness tools and trainings. The study examines how a phishing awareness system influences user behavior, efficiency, and the ability to identify phishing attempts. By analyzing eye movements, the study reveals real-time interactions and oversights, providing insights into the decision-making process. Results indicate that while the system improves the efficiency of users already proficient in phishing detection, it does not universally enhance recognition rates. Notably, participants using the tool spent significantly less time looking at attachment-related phishing markers, indicating partial efficiency improvements. Since phishing attempts containing suspicious attachments were successful in 19% of cases, as compared to an overall phishing success rate of 15%, the phishing awareness tool is particularly useful here. A usability evaluation revealed that users reporting a higher perceived usability score profited more from the help of the tool. Additionally, no improvement in phishing detection rates was observed in users who had completed prior IT-security training, highlighting the necessity for a paradigm shift in phishing training to adequately prepare users for phishing attempts.
Pages: 71 to 80
Copyright: Copyright (c) IARIA, 2024
Publication date: November 3, 2024
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-68558-206-7
Location: Nice, France
Dates: from November 3, 2024 to November 7, 2024