Issue No. 02 - March/April (2012 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.179
M. Angela Sasse , University College London
Iacovos Kirlappos , University College London
User education must focus on challenging and correcting the misconceptions that guide current user behavior. To date, user education on phishing has tried to persuade them to check URLs and a number of other indicators, with limited success. The authors evaluate a novel antiphishing tool in a realistic setting—participants had to buy tickets under time pressure and lost money if they bought from bad sites. Although none of the participants bought from sites the tool clearly identified as bad, 40 percent risked money with sites flagged as potentially risky, but offering bargains. When tempted by a good deal, participants didn't focus on the warnings; rather, they looked for signs they thought confirmed a site's trustworthiness.
Security, electronic commerce, computers and society, management of computing and information systems
M. Angela Sasse, Iacovos Kirlappos, "Security Education against Phishing: A Modest Proposal for a Major Rethink", IEEE Security & Privacy, vol. 10, no. , pp. 24-32, March/April 2012, doi:10.1109/MSP.2011.179