Keywords

eye movement-based memory effect, phishing emails, memory, eye tracking, NeuroIS, behavioral information system security

Abstract

Phishing has become a major attack vector for hackers and cost victims $687 million in the first half of 2012 alone. Additionally, despite technical solutions to defend against this threat, reports show that phishing attacks are increasing. There is therefore a pressing need to understand why users continue to fall victim to phishing, and how such attacks can be prevented. In this research-in-progress paper, we argue that the cognitive neuroscience of memory provides a useful lens through which to study the problem of phishing. A commonly reported finding from the field of memory is the eye movement-based memory effect, the phenomenon of people paying less visual attention to images that have been previously viewed. We aim to show in this paper that this effect holds in the context of email processing, and that the eye movement-based memory effect is a significant contributing factor to users’ susceptibility to phishing. We propose an experimental design that uses a memory task involving simulated phishing emails, and measures users’ behavioral responses and eye tracking data in response to our phishing manipulations. We further propose to show how training can be designed to help users overcome the eye movement-based memory effect and become less prone to phishing attacks.

Original Publication Citation

Anderson, B., Vance, A., Eargle, D. “Is Your Susceptibility to Phishing Dependent on Your Memory?” Workshop on Information Security & Privacy (WISP), AIS SIGSEC and IFIP TC11.1, Milan, Italy, 2013. In Conference Proceedings

Document Type

Peer-Reviewed Article

Publication Date

2013

Publisher

Workshop on Information Security & Privacy

Language

English

College

Marriott School of Business

Department

Information Systems Management

University Standing at Time of Publication

Full Professor
