81 research outputs found

    Integrating E-Commerce and Social Engineering Perspectives on Trust in Online Communication

    Currently, interpersonal trust in computer-mediated communication is a research topic for e-commerce as well as usable security researchers. While the e-commerce researchers focus on gaining warranted trust, usable security researchers focus on preventing misplaced trust, in order to protect users from social engineering attacks. In this paper an approach to integrate findings and theories from both fields is proposed in order to create a complete model for predicting trust in electronic messages or websites, whether they are authentic or not.

    “A Bank Would Never Write That!” - A Qualitative Study on E-Mail Trust Decisions

    In order to communicate the risk of fraudulent e-mails to users properly, it is important to know which aspects they focus on when evaluating the trustworthiness of an e-mail. To that end, a study was conducted to test predictions derived from a decision model by asking participants how they would react to each of eight e-mails and why. The study confirms results from previous research showing that content as well as visual and linguistic aspects, but also technical aspects such as sender address and link URL, are considered by recipients. It also adds new findings like the fact that through experience and education, users form rules such as “A bank will never ask you for account details via e-mail” or the fact that attachments in HTML format or implausible sending times raise suspicions in users. These findings can be used to inform the design of anti-fraud education and user interfaces of e-mail clients.

    Improving Privacy Settings for Facebook by Using Interpersonal Distance as Criterion

    The possibility to define custom privacy settings in Facebook has been improved over the last years. Still, numerous users do not know how to change those settings or do not use the settings because they are cumbersome to use. Within this paper a new method for defining the privacy settings in online social networks is presented that uses the social distance between users as setting criterion. This approach was tested as a paper prototype in a first user study with 10 participants. Results show that the number of errors was significantly decreased and that the subjective evaluation of the interface was promising.

    Contextualized Security Interventions in Password Transmission Scenarios

    Usable security user studies as well as the number of successful attacks to end users’ data and devices show that today’s security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications – namely those in which users visit web pages containing a password field. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage, in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios.

    A Comparison of American and German Folk Models of Home Computer Security

    Although many security solutions exist, home computer systems are vulnerable to different types of attacks. The main reason is that users are either not motivated to use these solutions or not able to correctly use them. In order to make security software more usable and hence computers more secure, we re-ran the study by Wash about “Folk Models of Home Computer Security” in Germany. We classified the different mental models in eleven folk models. Eight of the identified folk models are similar to the models Wash presented. We describe each folk model and illustrate how users think about computer security.

    Identification as Determining Factor of Technology Acceptance for Hedonic and Dual Use Products

    The rising importance of hedonic and dual use products is well noticed in literature, but up until now not appropriately addressed in technology acceptance research. Financial losses and dissatisfaction are the outcomes of this omission. Therefore, this thesis addressed this area by investigating three main research points: re-defining technology acceptance for hedonic and dual use products, developing and validating a model which predicts and explains technology acceptance better than existing models, and investigating the role of the usage mode for technology acceptance. First, technology acceptance was re-defined as positive attitude towards a certain technology in combination with the intention to use the technology. Then, different technology acceptance models were investigated and judged according to their appropriateness for explaining technology acceptance in the context of hedonic and dual use products. The revised TAM was chosen, because it was already used in the context of hedonic systems and proved to be better than models that do not integrate hedonic qualities. It was aimed for the improvement of this model due to the still low explanatory power of the model. This improvement was found by investigating different needs as basis for positive emotions during the interaction with products. Stimulation, competence, and identification were identified as most promising needs. Those needs were already part of the hedonic/pragmatic model of user experience, which led to the decision to merge both models into one combined model. The resulting model was called Balanced TAM. Three user studies were conducted to test the validity and explanatory power of the model. It was shown that Balanced TAM explains significantly more variance of technology acceptance than revised TAM for hedonic and dual use products. Additionally, it did not perform worse for utilitarian products. The results and the methodological approach were discussed and open points identified. Those points were addressed in the future work section at the end of the thesis.