Towards An Assessment of Audio and Visual Alerts and Warnings to Mitigate Risk of Phishing Emails Susceptibility

Start Date

12-10-2019 11:30 AM

End Date

12-10-2019 11:55 AM

Location

KSU Center Rm 400

Abstract

Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phishing can be presented in many ways: an email, link, website, text message, and other means. Phishing emails present a threat to both personal and organizational data loss. About 94% of cybersecurity incidents are due to phishing and/or social engineering. Significant volume of prior literature documented that end users are continuing to click on phishing links in emails, even after phishing awareness training, and it appears that there is a strong need for creative ways to warn and alert end users to signs of phishing in emails. Understanding a more aware state of mind, ‘System 2 Thinking Mode’ (S2), describes an individual in a more aware and alert state that s/he can utilize when making important decisions. End users have tendency to be more deliberate with their choices in S2, as opposed to ‘System 1 Thinking Mode’ (S1). S1 is more routine and not as deliberate. Some ways to trigger S2 include audio alerts, visual alerts, and vibrations. Assisting the end user in noticing signs of phishing in emails could possibly be studied through the delivery of audio and visual alerts and warnings. This study proposes to design and develop a method for a phishing alert and warning system that warns and alerts users to the signs of phishing in emails. The main goal of this work-in-progress research is to obtain Subject Matter Experts (SMEs) opinion to develop preliminary ranking of the top 10 signs of phishing in emails, and pair the signs of phishing with corresponding audio and visual warnings to be later used towards a phishing alert and warning system.

Keywords: Phishing, phishing alerting, phishing warning, social engineering, cybersecurity, audio warning in cybersecurity, visual warning in cybersecurity, cyber risk mitigation, phishing emails susceptibility.

Comments

Submitted with reviewer revisions.

This document is currently not available here.

Share

COinS
 
Oct 12th, 11:30 AM Oct 12th, 11:55 AM

Towards An Assessment of Audio and Visual Alerts and Warnings to Mitigate Risk of Phishing Emails Susceptibility

KSU Center Rm 400

Phishing attacks target significant volume of Americans per year, and costs American organizations in the millions of dollars annually. Phishing is a cyber-attack using social engineering. Social engineering is the psychological manipulation of individuals in order to gain access to computer system(s) that the attacker is not authorized to use. Phishing can be presented in many ways: an email, link, website, text message, and other means. Phishing emails present a threat to both personal and organizational data loss. About 94% of cybersecurity incidents are due to phishing and/or social engineering. Significant volume of prior literature documented that end users are continuing to click on phishing links in emails, even after phishing awareness training, and it appears that there is a strong need for creative ways to warn and alert end users to signs of phishing in emails. Understanding a more aware state of mind, ‘System 2 Thinking Mode’ (S2), describes an individual in a more aware and alert state that s/he can utilize when making important decisions. End users have tendency to be more deliberate with their choices in S2, as opposed to ‘System 1 Thinking Mode’ (S1). S1 is more routine and not as deliberate. Some ways to trigger S2 include audio alerts, visual alerts, and vibrations. Assisting the end user in noticing signs of phishing in emails could possibly be studied through the delivery of audio and visual alerts and warnings. This study proposes to design and develop a method for a phishing alert and warning system that warns and alerts users to the signs of phishing in emails. The main goal of this work-in-progress research is to obtain Subject Matter Experts (SMEs) opinion to develop preliminary ranking of the top 10 signs of phishing in emails, and pair the signs of phishing with corresponding audio and visual warnings to be later used towards a phishing alert and warning system.

Keywords: Phishing, phishing alerting, phishing warning, social engineering, cybersecurity, audio warning in cybersecurity, visual warning in cybersecurity, cyber risk mitigation, phishing emails susceptibility.