Falling for Phishing: An Empirical Investigation into People’s Email Response Behaviours

September 9th, 2021

Speaker: Dr Asangi Jayatilaka, UoA


Recording: https://webcast.csiro.au/#/videos/3d15be63-c0de-4ff9-b44f-42fe64fde56e

Date: 12/8/21, 3-4 AEST

Abstract:  Despite the sophisticated phishing email detection systems, and training and awareness programs, humans continue to be tricked by phishing emails. In an attempt to understand why phishing email attacks still work, we have carried out an empirical study to investigate how people make response decisions while reading their emails.  We used a “think aloud” method and follow-up interviews to collect data from 19 participants. The analysis of the collected data has enabled us to identify eleven factors that influence people’s response decisions to both phishing and legitimate emails.  Based on the identified factors, we discuss how people can be susceptible to phishing attacks due to the flaws in their decision making processes. Furthermore, we propose design directions for developing a behavioral plugin for email clients that can be used to nudge people’s secure behaviors enabling them to have a better response to phishing emails.

Bio: Asangi is a post-doctoral researcher at the  Centre for Research on Software Technologies (CREST) at the University of Adelaide (UoA). Asangi received her PhD from the School of Computer Science at UoA. Asangi’s research interest mainly lies in the areas of human aspects of computing, user-centred technology design and development. She has worked across various domains, including cybersecurity, digital health and pervasive computing. The goal of her research is to design and develop technologies to suit the needs of different stakeholders. She uses both qualitative and quantitative research methods in her research to gain an understanding of such needs. Using this understanding, she proposes technological solutions incorporating human aspects and subsequently evaluates how the designed and developed technologies work in practice.