- Title
- Why do users trust the wrong messages? A behavioural model of phishing
- Creator
- Watters, Paul
- Date
- 2009
- Type
- Text; Conference paper
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/69705
- Identifier
- vital:2311
- Identifier
-
https://doi.org/10.1109/ECRIME.2009.5342611
- Identifier
- ISBN:9781424446254
- Abstract
- Given the rise of phishing over the past 5 years, a recurring question is why users continue to fall for these scams? Various technical countermeasures have been proposed to try and counter phishing, and none have yet comprehensively succeeded in preventing users from becoming victims. This paper argues that an explicit model of user psychology is required to understand user behaviour in (a) processing phishing e-mails, (b) clicking on links to phishing websites, and (c) interacting with these websites. Many users engage in e-mail and web activity with an inappropriately high level of trust: users are constantly rewarded by their online interactions, even where there is a low level of formalised trust between the sending and receiving parties, eg, if an e-mail claims to be sent from a bank, then it must be so, even if there has been no a priori exchange of credentials mediated by a trusted third party. Previously, mathematical models have been developed to predict trust established and maintenance based on reputation scores (e.g., Tran et al [1, 2]). This paper considers two inter-related questions: (a) can we model the behaviour of users learning to trust, based on non-associative models of learning (habituation and sensitisation), and (b) can we then locate this behavioural activity in a broader psychological model with a view to identifying potential countermeasures which might circumvent learned behaviour? © 2009 Crown.
- Publisher
- Tacoma, Washington :
- Relation
- Paper presented at 2009 eCrime Researchers Summit, eCRIME '09, Tacoma, Washington : 20th-21st October 2009 p. 1-7
- Rights
- Copyright IEEE
- Rights
- Open Access
- Rights
- This metadata is freely available under a CCO license
- Subject
- Phishing; Cyberscam; Online fraud; User behaviour; Websites
- Full Text
- Hits: 1247
- Visitors: 1576
- Downloads: 363
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | SOURCE1 | Published version | 2 MB | Adobe Acrobat PDF | View Details Download |