3rd TIPPI Workshop

The Human Factor in Phishing and Malware

Speaker: Markus Jakobsson, Indiana University

Title: The Human Factor in Phishing and Malware

Abstract:
Most security mechanisms are designed without much consideration of the behavior of the typical end user. This is due to a competence gap between the designers and users and a poor scientific understanding of the human factor as it relates to security. While traditional user studies work well to measure a range of user behaviors, they fail to measure the impact of deceit, misconfiguration, and neglect. This is because users will behave differently if they know they are being tested, which introduces a bias in the results. Naturalistic user experiments -- in which the subjects do not know that they are being studied -- offer a solution to this problem, but come with ethical concerns. I will describe a collection of ethical and naturalistic experiments, and the corresponding results. The results tell us how typical users relate to URLs of different kinds, to certificates and to SSL.

