Phishing emails present a threat to both personal and organizational data. Phishing is a cyber-attack using social engineering. About 94% of cybersecurity incidents are due to phishing and/or social engineering. A significant volume of prior literature documented that users are continuing to click on phishing links in emails, even after phishing awareness training. It appears there is a strong need for creative ways to alert and warn users to signs of phishing in emails.
The main goal of the experiments in this study was to measure participants’ time for recognizing signs of phishing in emails, thus, reducing susceptibility to phishing in emails on mobile devices. This study included three phases. The first phase included 32 Subject Matter Experts (SMEs) that provided feedback on the top signs of phishing in emails, audio/visual/haptic pairings with the signs of phishing, and developmental constructs toward a phishing alert and warning system. The second phase included a pilot study with five participants to validate a phishing alert and warning system prototype. The third phase included delivery of the Phishing Alert and Warning System, (PAWS Mobile App™) with 205 participants.
The results of the first phase aligned the constructs for the alert and warning system. A female voice-over warning was chosen by the SMEs as well as visual icon alerts for the top signs of phishing in emails. This study designed, developed, as well as empirically tested the PAWS Mobile App, that alerted and warned participants to the signs of phishing in emails on mobile devices. PAWS displayed a randomized series of 20 simulated emails to participants with varying displays of either no alerts and warnings, or a combination of alerts and warnings. The results indicated audio alerts and visual warnings potentially lower phishing susceptibility in emails. Audio and visual warnings appeared to have assisted the study participants in noticing phishing emails more easily, and in less time than without audio and visual warnings. The results of this study also indicated alerts and warnings assisted participants in noticing distinct signs of phishing in the simulated phishing emails viewed. This study implicates phishing email alerts and warnings applied and configured to email applications may play a significant role in the reduction of phishing susceptibility.
|Commitee:||Dringus, Laurie, Wang, Ling|
|School:||Nova Southeastern University|
|Department:||Information Assurance (DIA)|
|School Location:||United States -- Florida|
|Source:||DAI-B 82/2(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Computer Engineering|
|Keywords:||Cyber alerts, Cyber threat mitigation, Cyber warnings, Cybersecurity, Phishing, Social engineering|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be