Subject matter experts’ feedback on a prototype development of an audio, visual, and haptic phishing email alert system

Abstract

Phishing emails, also defined as email spam messages, present a threat to both personal and organizational data loss. About 93% of cybersecurity incidents are due to phishing and/or social engineering. Users are continuing to click on phishing links in emails even after phishing awareness training. Thus, it appears that there is a strong need for creative ways to alert and warn users to signs of phishing in emails. ‘System 2 Thinking Mode’ (S2) describes an individual in a more aware state of mind when making important decisions. Ways to trigger S2 include audio alerts, visual alerts, and haptic/vibrations. Assisting the user in noticing signs of phishing in emails could possibly be studied through the delivery of audio, visual, and haptic (vibration) alerts and warnings. This study outlines the empirical results from 32 Subject Matter Experts (SMEs) on an initial prototype design and development of an email phishing alert and warning system. The prototype will be developed to alert and warn users to the signs of phishing in emails in an attempt to switch them to an S2 state of mind. The preliminary results of the SMEs indicated that several features for a phishing alert and warning system could be assembled, resulting in a mobile phishing alert and warning prototype. Visual icons were chosen for each sign of phishing used in the prototype, as well as voice over warnings and haptic vibrations. The preliminary results also determined task measurements, ‘ability to notice’, and ‘time to notice’ signs of phishing in emails.