User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Volkamer, M., Renaud, K., Reinheimer, B. and Kunz, A. (2017) User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn. Computers and Security, 71, pp. 100-113. (doi:10.1016/j.cose.2017.02.004)

[img]
Preview
Text
137562.pdf - Accepted Version

1MB

Abstract

We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

Item Type:Articles
Additional Information:This work was developed within the project “KMU AWARE” which is funded by the German Federal Ministry for Economic Affairs and Energy under grant no. BMWi-VIA5- 090168623-01-1/2015.
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Renaud, Professor Karen
Authors: Volkamer, M., Renaud, K., Reinheimer, B., and Kunz, A.
College/School:College of Science and Engineering > School of Computing Science
Journal Name:Computers and Security
Publisher:Elsevier
ISSN:0167-4048
ISSN (Online):1872-6208
Published Online:10 February 2017
Copyright Holders:Copyright © 2017 Elsevier Ltd.
First Published:First published in Computers and Security 71:100-113
Publisher Policy:Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record