Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications

CHI 2016 : proceedings ; The 34th Annual CHI Conference on Human Factors in Computing Systems, San Jose, CA, USA, May 07 - 12, 2016

Abstract

Mobile application phishing happens when a malicious mobile application masquerades as a legitimate one to steal user credentials. Personalized security indicators may help users to detect phishing attacks, but rely on the user’s alertness. Previous studies in the context of website phishing have shown that users tend to ignore personalized security indicators and fall victim to attacks despite their deployment. Consequently, the research community has deemed personalized security indicators an ineffective phishing detection mechanism. We revisit the question of personalized security indicator effectiveness and evaluate them in the previously unexplored and increasingly important context of mobile applications. We conducted a user study with 221 participants and found that the deployment of personalized security indicators decreased the phishing attack success rate to 50%. Personalized security indicators can, therefore, help phishing detection in mobile applications and their reputation as an anti-phishing mechanism in the mobile context should be reconsidered.

People

Dr. Claudio Marforio
Doctoral Student (2010 – 2018)
COO, Futurae Technologies AG
Dr. Ramya Jayaram Masti
Doctoral Student (2010 – 2015)
Intel Corporation
Dr. Claudio Soriente
Doctoral Student (2012 – 2015)
Researcher, NEC Laboratories
Dr. Kari Kostiainen
Senior Scientist

BibTeX

@inproceedings{marforio2016evaluation,
  author    = {Marforio, Claudio and Masti, Ramya Jayaram and Soriente, Claudio and Kostiainen, Kari and Capkun, Srdjan},
  title     = {{Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications}},
  booktitle = {CHI 2016 : proceedings ; The 34th Annual CHI Conference on Human Factors in Computing Systems, San Jose, CA, USA, May 07 - 12, 2016},
  address   = {San Jose, CA, USA},
  year      = 2016,
  month     = may,
  publisher = {Association for Computing Machinery},
  doi       = {10.1145/2858036.2858085},
  url       = {https://doi.org/10.1145/2858036.2858085}
}

Research Collection: 20.500.11850/118469