Home // International Journal On Advances in Security, volume 18, numbers 1 and 2, 2025 // View article
Authors:
Fabian Engl
Meret Kristen
Juergen Mottok
Keywords: Phishing; Security Awareness; Eye-Tracking; IT-Security; Usability and UX
Abstract:
This paper builds upon a previous study that analyzed phishing detection using eye-tracking data from 103 participants tasked with classifying 18 emails. Additionally, a phishing awareness system (PAS) was introduced, highlighting relevant information for half of the participants. While the original analysis found no significant improvements in detection effectiveness, the eye-tracking data did reveal that participants using the supportive software spent less time examining key phishing indicators. Expanding on these findings, this work incorporates further questionnaire data and a more advanced Area of Interest (AoI) analysis to provide deeper insights. The results indicate that demographic factors such as age, gender, and education have no significant impact on phishing detection. However, industry sectors and weekly screen time did influence performance, particularly in terms of the time required for classification. A qualitative eye movement analysis further revealed distinct AoI hit patterns between participants who correctly classified all emails and those who misclassified more. Additionally, gaze behavior varied based on participants' usability and user experience ratings of the supportive software, highlighting a potential impact for specific user groups, when it comes to phishing detection efficiency.
Pages: 61 to 76
Copyright: Copyright (c) to authors, 2025. Used with permission.
Publication date: June 30, 2025
Published in: journal
ISSN: 1942-2636