“A Bank Would Never Write That!” - A Qualitative Study on E-Mail Trust Decisions

In order to communicate the risk of fraudulent e-mails to users properly, it is important to know which aspects they focus on when evaluating the trustworthiness of an e-mail. To that end, a study was conducted to test predictions derived from a decision model by asking participants how they would react to each of eight e-mails and why. The study confirms results from previous research showing that content as well as visual and linguistic aspects, but also technical aspects such as sender address and link URL are considered by recipients. It also adds new findings like the fact that through experience and education, users form rules such as “A bank will never ask you for account details via e-mail” or the fact that attachments in HTML format or implausible sending times raise suspicions in users. These findings can be used to inform the design of anti-fraud education and user interfaces of e-mail clients

Characterizing and Predicting Email Deferral Behavior

Email triage involves going through unhandled emails and deciding what to do with them. This familiar process can become increasingly challenging as the number of unhandled email grows. During a triage session, users commonly defer handling emails that they cannot immediately deal with to later. These deferred emails, are often related to tasks that are postponed until the user has more time or the right information to deal with them. In this paper, through qualitative interviews and a large-scale log analysis, we study when and what enterprise email users tend to defer. We found that users are more likely to defer emails when handling them involves replying, reading carefully, or clicking on links and attachments. We also learned that the decision to defer emails depends on many factors such as user's workload and the importance of the sender. Our qualitative results suggested that deferring is very common, and our quantitative log analysis confirms that 12% of triage sessions and 16% of daily active users had at least one deferred email on weekdays. We also discuss several deferral strategies such as marking emails as unread and flagging that are reported by our interviewees, and illustrate how such patterns can be also observed in user logs. Inspired by the characteristics of deferred emails and contextual factors involved in deciding if an email should be deferred, we train a classifier for predicting whether a recently triaged email is actually deferred. Our experimental results suggests that deferral can be classified with modest effectiveness. Overall, our work provides novel insights about how users handle their emails and how deferral can be modeled

Third Person Effect and Internet Privacy Risks

The current study tests the third-person effect (TPE) in the context of Internet privacy. TPE refers to the phenomenon that people tend to perceive greater media effects on others than on themselves. The behavioral component of TPE holds that the self-others perceptual gap is positively associated with support for restricting harmful media messages. Using a sample (N=613) from Amazon Mturk, the current research documented firm support for the perceptual and behavioral components of TPE in the context of Internet privacy. Moreover, social distance, perceived Internet privacy knowledge, negative online privacy experiences, and Internet use were found to be significant predictors of the TPE perceptions of Internet privacy risks. There are four novel contributions of the current study. First, this study systematically tests TPE in a new context―Internet privacy. Second, this study examines five antecedents of TPE perceptions, of which perceived Internet privacy knowledge, negative online privacy experiences, and Internet use are novel to TPE studies. Unlike prior studies which assume social distance and desirability of media content, the current study provides direct empirical tests of these two antecedents. Third, prior research primarily examines support for censorship of harmful media messages, a context in which individuals do not have control over policy enforcement. In the case of Internet privacy, people can decide whether to adopt privacy protective measures or not. The current study addresses two types of behavioral intentions to reduce privacy risks: (1) the willingness to adopt online privacy protection measures; and (2) recommend such measures to others. Fourth, unlike prior studies using fear based theories to investigate Internet privacy issues, the current tests Internet privacy from a novel perspective—TPE theory