Abstract
Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low cybersecurity knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm.
Highlights
The increase in the use of smart devices such as smartphones and the increasing amount of important information they store make them a prime target by attackers interested in exploiting them [1]
In our previous work [34], we developed a prototype of an Android application (UnPhishMe) that simulates a user login procedure by using dummy login credentials to thwart phishing attacks
In this paper, we investigated the awareness of phishing attacks and cybersecurity behaviours of 206 users through a survey
Summary
The increase in the use of smart devices such as smartphones and the increasing amount of important information they store make them a prime target by attackers interested in exploiting them [1]. A. WEB LOGIN AUTOMATION To avoid entering web-login credentials, a user of a smart device such as smartphone can authenticate herself to another device such as a laptop or another mobile device through a close-range Bluetooth communication. WEB LOGIN AUTOMATION To avoid entering web-login credentials, a user of a smart device such as smartphone can authenticate herself to another device such as a laptop or another mobile device through a close-range Bluetooth communication This strategy prevents phishing attacks as it uses a multi-factor authentication. Before the user enters the authentication information in another device, a plugin on her web browser communicates with the smart device through Bluetooth to verify the login credentials. For performance issues most smartphone browsers are not equipped with plugins
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
