posted on 2007-01-01, 00:00, authored by Ponnurangam Kumaraguru, Yong Rhee, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, Elizabeth Nunge
Phishing attacks, in which criminals lure Internet users to
websites that impersonate legitimate sites, are occurring with
increasing frequency and are causing considerable harm to
victims. In this paper we describe the design and evaluation
of an embedded training email system that teaches people
about phishing during their normal use of email. We
conducted lab experiments contrasting the effectiveness of
standard security notices about phishing with two embedded
training designs we developed. We found that embedded
training works better than the current practice of sending
security notices. We also derived sound design principles for
embedded training systems.