Online threats, particularly phishing attacks, are becoming more frequent and more diversified in the channels used. The strengths and weaknesses of different methods which have been used in studying people experiences of phishing are presented. A little used method for studying phishing, a diary study, was undertaken with 45 young British people to investigate the frequency with which they received phishing attacks, how they detected them and how they dealt with them. An initial questionnaire, two waves of daily diary completion (one of 14 days, one of 7 days) and a final questionnaire were conducted. The diary phase elicited 121 reports of phishing attacks, with participants reporting receiving threats at a rate of approximately 8.5 threats per month. Nearly 75% of threats occurred on a smartphone and approximately 50% via email. The most frequent type of threat was non-specific phishes, followed by spear phish. Participants used on average two different cues to detect a threat, with the most frequently used cues being suspicious or unknown email addresses/phone numbers/usernames, closely followed by suspicious links. In terms of strategies for dealing with threats, participants did not often interact with the threat beyond opening a message, but in about a quarter of cases they took some action to investigate the threat or resolve the issues, most frequently researching the sender online or simply deleting the message. The implications for the use of the diary method, future research and training in phishing awareness are discussed.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Experiences of Online Threats: A Diary Study with Young British People

  • Najla Aldaraani,
  • Helen Petrie

摘要

Online threats, particularly phishing attacks, are becoming more frequent and more diversified in the channels used. The strengths and weaknesses of different methods which have been used in studying people experiences of phishing are presented. A little used method for studying phishing, a diary study, was undertaken with 45 young British people to investigate the frequency with which they received phishing attacks, how they detected them and how they dealt with them. An initial questionnaire, two waves of daily diary completion (one of 14 days, one of 7 days) and a final questionnaire were conducted. The diary phase elicited 121 reports of phishing attacks, with participants reporting receiving threats at a rate of approximately 8.5 threats per month. Nearly 75% of threats occurred on a smartphone and approximately 50% via email. The most frequent type of threat was non-specific phishes, followed by spear phish. Participants used on average two different cues to detect a threat, with the most frequently used cues being suspicious or unknown email addresses/phone numbers/usernames, closely followed by suspicious links. In terms of strategies for dealing with threats, participants did not often interact with the threat beyond opening a message, but in about a quarter of cases they took some action to investigate the threat or resolve the issues, most frequently researching the sender online or simply deleting the message. The implications for the use of the diary method, future research and training in phishing awareness are discussed.