Why do users trust the wrong messages? A behavioural model of phishing

Watters, Paul

Title: Why do users trust the wrong messages? A behavioural model of phishing
Creator: Watters, Paul
Date: 2009
Type: Text; Conference paper
Identifier: http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/69705
Identifier: vital:2311
Identifier: https://doi.org/10.1109/ECRIME.2009.5342611
Identifier: ISBN:9781424446254
Abstract: Given the rise of phishing over the past 5 years, a recurring question is why users continue to fall for these scams? Various technical countermeasures have been proposed to try and counter phishing, and none have yet comprehensively succeeded in preventing users from becoming victims. This paper argues that an explicit model of user psychology is required to understand user behaviour in (a) processing phishing e-mails, (b) clicking on links to phishing websites, and (c) interacting with these websites. Many users engage in e-mail and web activity with an inappropriately high level of trust: users are constantly rewarded by their online interactions, even where there is a low level of formalised trust between the sending and receiving parties, eg, if an e-mail claims to be sent from a bank, then it must be so, even if there has been no a priori exchange of credentials mediated by a trusted third party. Previously, mathematical models have been developed to predict trust established and maintenance based on reputation scores (e.g., Tran et al [1, 2]). This paper considers two inter-related questions: (a) can we model the behaviour of users learning to trust, based on non-associative models of learning (habituation and sensitisation), and (b) can we then locate this behavioural activity in a broader psychological model with a view to identifying potential countermeasures which might circumvent learned behaviour? © 2009 Crown.
Publisher: Tacoma, Washington :
Relation: Paper presented at 2009 eCrime Researchers Summit, eCRIME '09, Tacoma, Washington : 20th-21st October 2009 p. 1-7
Rights: Copyright IEEE
Rights: Open Access
Rights: This metadata is freely available under a CCO license
Subject: Phishing; Cyberscam; Online fraud; User behaviour; Websites
Full Text

Hits: 1247
Visitors: 1576
Downloads: 363

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	Published version	2 MB	Adobe Acrobat PDF	View Details Download