Behavioural measures of phishing susceptibility

Description

Some research explores factors that help to explain why people fall for phishing attacks. However, there is a lack of research that directly assesses the decision-making process. This project will use direct behavioural measures (eye-tracking) to assess which features of a phishing message are attended to while deciding whether an e-mail is genuine or fraudulent. The project will then test whether training changes the way in which e-mails are processed and whether this results in reduced vulnerability to a phishing attack.

Research questions

1. Which aspects of a phishing e-mail are attended to prior to correct/incorrect identification of fraudulent and genuine e-mails?

2. Is it possible to change patterns of attention to minimise vulnerability to phishing attacks via an educational intervention?

 

Type of research

Experimental research. Note: This project will require direct contact with participants in the laboratory.

 

Key words

Phishing, cybersecurity, eye-tracking, behavioural measures.

 

Information

Please contact Steven Watson (s.j.watson@utwente.nl) if you are interested in this assignment.


Literature

Jones, H. S., Towse, J. N., & Race, N. (2015). Susceptibility to email fraud: A review of psychological perspectives, data-collection methods, and ethical considerations. International Journal of Cyber Behavior, Psychology and Learning (IJCBPL), 5(3), 13-29.

Nicholson, J., Coventry, L., & Briggs, P. (2017). Can we fight social engineering attacks by social means? Assessing social salience as a means to improve phish detection. Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017).

Rothert, J. (2023). Behavioural Measures of Phishing Susceptibility: Examining the Influence of Individual and Situational Factors on Email Management Decision-making through Eye-tracking. https://essay.utwente.nl/95087/