Cyberattacks have emerged as problems caused not only by technological issues but also by human factors that are often overlooked when designing interactive systems. Social engineering is an extremely effective type of cybercrime, where the attackers use human psychology to achieve their target which are in the form of data, account details, or IT devices for example. Phishing is one of the first methods that social engineers use to target victims and it accounts for the highest percentage of data breaches at 25% compared to the other types. Phishing is a deception technique that attackers use to steal sensitive information such as usernames, passwords, and online banking details from their victims. Despite phishing attacks being known for more than two decades, and the ongoing research for developing effective techniques against these attacks, the increasing trend of attacks confirms the lack of robust solutions and techniques against these attacks. There is a need for comprehensive research in the area of anti-phishing to improve the overall cybersecurity landscape. Hence this study aims to design and propose a User Experience (UX) Framework to safeguard against digital deception, that focuses on cybersecurity training applications. The study conducted an in-depth literature review on phishing and major phishing attacks. Next, the study explored interactive design by linking phishing with user experience design. Lastly, the improved S-UX framework is proposed for cybersecurity training applications in safeguarding users against digital deception. The proposed framework offers six high-level constructs which include security, experience, interactiveness, accessibility, robustness, and transparency. This study also provides recommendations on how to apply the proposed framework for cybersecurity training and real-world situations.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Designing a S-UX Framework to Combat Phishing and Foster Digital Responsibility

  • Noluntu Mpekoa ,
  • Sheethal Tom,
  • Nobubele Shozi,
  • Noluxolo Gcaza

摘要

Cyberattacks have emerged as problems caused not only by technological issues but also by human factors that are often overlooked when designing interactive systems. Social engineering is an extremely effective type of cybercrime, where the attackers use human psychology to achieve their target which are in the form of data, account details, or IT devices for example. Phishing is one of the first methods that social engineers use to target victims and it accounts for the highest percentage of data breaches at 25% compared to the other types. Phishing is a deception technique that attackers use to steal sensitive information such as usernames, passwords, and online banking details from their victims. Despite phishing attacks being known for more than two decades, and the ongoing research for developing effective techniques against these attacks, the increasing trend of attacks confirms the lack of robust solutions and techniques against these attacks. There is a need for comprehensive research in the area of anti-phishing to improve the overall cybersecurity landscape. Hence this study aims to design and propose a User Experience (UX) Framework to safeguard against digital deception, that focuses on cybersecurity training applications. The study conducted an in-depth literature review on phishing and major phishing attacks. Next, the study explored interactive design by linking phishing with user experience design. Lastly, the improved S-UX framework is proposed for cybersecurity training applications in safeguarding users against digital deception. The proposed framework offers six high-level constructs which include security, experience, interactiveness, accessibility, robustness, and transparency. This study also provides recommendations on how to apply the proposed framework for cybersecurity training and real-world situations.