Published: August 7, 2023
Author(s)
Olivia Williams (University of Maryland), Yee-Yin Choong (NIST), Kerrianne Buchanan (NIST)
Conference
Name: USENIX Symposium on Usable Privacy and Security (SOUPS) 2023
Dates: 08/06/2023 - 08/08/2023
Location: Anaheim, CA, USA
Citation: Proceedings of the Nineteenth Symposium on Usable Privacy and Security, pp. 1-7
Organizations use simulated phishing awareness training exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users’ ability to spot a phish from visible cues. However, there are no metrics aimed at classifying the saliency of these visual cues. In this research, we analyzed different types of cues present in real-world phishing emails. The most common cues and cue types are presented, along with the frequency of their use in real-world phishing emails.
Organizations use simulated phishing awareness training exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users’ ability to spot a phish from visible cues. However, there are no metrics aimed at...
See full abstract
Organizations use simulated phishing awareness training exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users’ ability to spot a phish from visible cues. However, there are no metrics aimed at classifying the saliency of these visual cues. In this research, we analyzed different types of cues present in real-world phishing emails. The most common cues and cue types are presented, along with the frequency of their use in real-world phishing emails.
Hide full abstract
Keywords
NIST Phish Scale; phishing; usable cybersecurity; cybersecurity awareness training
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
