Your browser doesn't support javascript.
loading
The Phishing Email Suspicion Test (PEST) a lab-based task for evaluating the cognitive mechanisms of phishing detection.
Hakim, Ziad M; Ebner, Natalie C; Oliveira, Daniela S; Getz, Sarah J; Levin, Bonnie E; Lin, Tian; Lloyd, Kaitlin; Lai, Vicky T; Grilli, Matthew D; Wilson, Robert C.
Afiliação
  • Hakim ZM; Department of Psychology, University of Arizona, Tucson, AZ, USA.
  • Ebner NC; Department of Psychology, University of Florida, Gainesville, FL, USA.
  • Oliveira DS; Department of Psychology, University of Florida, Gainesville, FL, USA.
  • Getz SJ; Department of Aging and Geriatric Research, Institute on Aging, University of Florida, Gainesville, FL, USA.
  • Levin BE; Florida Institute for Cybersecurity, University of Florida, Gainesville, FL, USA.
  • Lin T; Evelyn F. McKnight Brain Institute, Gainesville, FL, USA.
  • Lloyd K; Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA.
  • Lai VT; Evelyn F. McKnight Brain Institute, Gainesville, FL, USA.
  • Grilli MD; Department of Neurology, Miller School of Medicine, University of Miami, Coral Gables, FL, USA.
  • Wilson RC; Evelyn F. McKnight Brain Institute, Gainesville, FL, USA.
Behav Res Methods ; 53(3): 1342-1352, 2021 06.
Article em En | MEDLINE | ID: mdl-33078362
Phishing emails constitute a major problem, linked to fraud and exploitation as well as subsequent negative health outcomes including depression and suicide. Because of their sheer volume, and because phishing emails are designed to deceive, purely technological solutions can only go so far, leaving human judgment as the last line of defense. However, because it is difficult to phish people in the lab, little is known about the cognitive and neural mechanisms underlying phishing susceptibility. There is therefore a critical need to develop an ecologically valid lab-based measure of phishing susceptibility that will allow evaluation of the cognitive mechanisms involved in phishing detection. Here we present such a measure based on a task, the Phishing Email Suspicion Test (PEST), and a cognitive model to quantify behavior. In PEST, participants rate a series of phishing and non-phishing emails according to their level of suspicion. By comparing suspicion scores for each email to its real-world efficacy, we find initial support for the ecological validity of PEST - phishing emails that were more effective in the real world were more effective at deceiving people in the lab. In the proposed computational model, we quantify behavior in terms of participants' overall level of suspicion of emails, their ability to distinguish phishing from non-phishing emails, and the extent to which emails from the recent past bias their current decision. Together, our task and model provide a framework for studying the cognitive neuroscience of phishing detection.
Assuntos
Palavras-chave

Texto completo: 1 Coleções: 01-internacional Base de dados: MEDLINE Assunto principal: Segurança Computacional / Correio Eletrônico Tipo de estudo: Diagnostic_studies / Prognostic_studies Limite: Humans Idioma: En Ano de publicação: 2021 Tipo de documento: Article

Texto completo: 1 Coleções: 01-internacional Base de dados: MEDLINE Assunto principal: Segurança Computacional / Correio Eletrônico Tipo de estudo: Diagnostic_studies / Prognostic_studies Limite: Humans Idioma: En Ano de publicação: 2021 Tipo de documento: Article