The Community for Technology Leaders
Green Image
Issue No. 02 - March/April (2012 vol. 10)
ISSN: 1540-7993
pp: 24-32
M. Angela Sasse , University College London
Iacovos Kirlappos , University College London
ABSTRACT
User education must focus on challenging and correcting the misconceptions that guide current user behavior. To date, user education on phishing has tried to persuade them to check URLs and a number of other indicators, with limited success. The authors evaluate a novel antiphishing tool in a realistic setting—participants had to buy tickets under time pressure and lost money if they bought from bad sites. Although none of the participants bought from sites the tool clearly identified as bad, 40 percent risked money with sites flagged as potentially risky, but offering bargains. When tempted by a good deal, participants didn't focus on the warnings; rather, they looked for signs they thought confirmed a site's trustworthiness.
INDEX TERMS
Security, electronic commerce, computers and society, management of computing and information systems
CITATION
M. Angela Sasse, Iacovos Kirlappos, "Security Education against Phishing: A Modest Proposal for a Major Rethink", IEEE Security & Privacy, vol. 10, no. , pp. 24-32, March/April 2012, doi:10.1109/MSP.2011.179
345 ms
(Ver )