“Abort the Login”: Understanding Phishing Susceptibility Through Warning Design in the Context of 2FA
摘要
Social engineering attacks are successful due to the exploitative nature of human psychology. Although security solutions, such as 2FA, aim to reduce the severity of attacks, these approaches tend to be insufficient considering sophisticated phishing attacks. In the present paper, we investigate how the design of the 2FA method may influence the likelihood of a login to a malicious website. Through an online experiment with \(N=94\) participants, we show that contrary to common assumptions, warning designs prompting to proceed with login might have a contradicting effect. In contrast, designs that prompt users to abort the login have minimal desired effects. Moreover, we identify that involvement in login activity and confidence in the decision made had further significant effects on the likelihood of login. Our exploratory results contribute to the knowledge of susceptibility to phishing attacks and potential misconceptions about the effects of opinionated design in the context of 2FA.