McAlaney, J. and Hills, P.J., 2020. Understanding Phishing Email Processing and Perceived Trustworthiness Through Eye Tracking. Frontiers in Psychology, 11, 1756.
Full text available as:
|
PDF (OPEN ACCESS ARTICLE)
2020McAlaneyHills_Frontiers.pdf - Published Version Available under License Creative Commons Attribution. 3MB | |
Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk. Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material. |
Abstract
© Copyright © 2020 McAlaney and Hills. Social engineering attacks in the form of phishing emails represent one of the biggest risks to cybersecurity. There is a lack of research on how the common elements of phishing emails, such as the presence of misspellings and the use of urgency and threatening language, influences how the email is processed and judged by individuals. Eye tracking technology may provide insight into this. In this exploratory study a sample of 22 participants viewed a series of emails with or without indicators associated with phishing emails, whilst their eye movements were recorded using a SMI RED 500 eye-tracker. Participants were also asked to give a numerical rating of how trustworthy they deemed each email to be. Overall, it was found that participants looked more frequently at the indicators associated with phishing than would be expected by chance but spent less overall time viewing these elements than would be expected by chance. The emails that included indicators associated with phishing were rated as less trustworthy on average, with the presence of misspellings or threatening language being associated with the lowest trustworthiness ratings. In addition, it was noted that phishing indicators relating to threatening language or urgency were viewed before misspellings. However, there was no significant interaction between the trustworthiness ratings of the emails and the amount of scanning time for phishing indicators within the emails. These results suggest that there is a complex relationship between the presence of indicators associated with phishing within an email and how trustworthy that email is judged to be. This study also demonstrates that eye tracking technology is a feasible method with which to identify and record how phishing emails are processed visually by individuals, which may contribute toward the design of future mitigation approaches.
Item Type: | Article |
---|---|
ISSN: | 1664-1078 |
Uncontrolled Keywords: | phishing, eye tracking, social engineering, cybersecurity, email |
Group: | Faculty of Science & Technology |
ID Code: | 34475 |
Deposited By: | Symplectic RT2 |
Deposited On: | 01 Sep 2020 12:57 |
Last Modified: | 14 Mar 2022 14:23 |
Downloads
Downloads per month over past year
Repository Staff Only - |