EXPERIMENTAL STUDY TO ASSESS THE IMPACT OF TIMERS ON USER SUSCEPTIBILITY TO PHISHING ATTACKS

Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate if requiring the user to pause by presenting a countdown or count-up timer when a possible phishing email is opened will influence the user to enter System-Two thinking. In this study, we designed, developed, and empirically tested a Pause-and-Think (PAT) mobile app that presented a user with a warning dialog and a countdown or count-up timer. Our goal was to determine whether requiring users to wait with a colored warning and a timer has any effect on phishing attempts. The study was completed in three phases with 42 subject matter experts and 107 participants. The results indicated that a countdown timer set at 3-seconds accompanied by red warning text was most effective on the user’s ability to avoid clicking on a malicious link or attachment. Recommendations for future research include enhancements to the PAT mobile app and investigating what effect the time of day has on susceptibility to phishing

An Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agents

This research article published by IEEE, Volume: 7, 2019Phishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low cybersecurity knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm

User-side wi-fi hotspot spoofing detection on android-based devices

A Dissertation Submitted in Partial Fulfilment of the Requirements for the Degree of Master’s in Wireless and Mobile Computing of the Nelson Mandela African Institution of Science and TechnologyNetwork spoofing is becoming a common attack in wireless networks. Similarly, there is a rapid growth of numbers in mobile devices in the working environments. The trends pose a huge threat to users since they become the prime target of attackers. More unfortunately, mobile devices have weak security measures due to their limited computational powers, making them an easy target for attackers. Current approaches to detect spoofing attacks focus on personal computers and rely on the network hosts’ capacity, leaving users with mobile devices at risk. Furthermore, some approaches on Android-based devices demand root privilege, which is highly discouraged. This research aims to study users' susceptibility to network spoofing attacks and propose a detection solution in Android-based devices. The presented approach considers the difference in security information and signal levels of an access point to determine its legitimacy. On the other hand, it tests the legitimacy of the captive portal with fake login credentials since, usually, fake captive portals do not authenticate users. The detection approaches are presented in three networks: (a) open networks, (b) closed networks and (c) networks with captive portals. As a departure from existing works, this solution does not require root access for detection, and it is developed for portability and better performance. Experimental results show that this approach can detect fake access points with an accuracy of 98% and 99% at an average of 24.64 and 7.78 milliseconds in open and closed networks, respectively. On the other hand, it can detect the existence of a fake captive portal at an accuracy of 88%. Despite achieving this performance, the presented detection approach does not cover APs that do not mimic legitimate APs. As an improvement, future work may focus on pcap files which is rich of information to be used in detection