Dr Rick Wash - Associate Professor of Information, University of Wisconsin, Madison
Stopping phishing is hard, and needs both technical and human-centered solutions. Despite spending millions on anti-phishing training, we still don’t know: How do people detect that an email in their inbox is a phishing message? And how can we help them do it better? I will describe how individuals currently attempt to figure out when an email in their inbox is fraudulent. By comparing how security experts (successfully) detect phishing and how non-experts try to do so, I try to identify better ways to focus our phishing training.
I will describe how IT experts detect phishing emails in their own inboxes by noticing “weird” things about an email, slowly becoming uncomfortable, and only then following their own advice to investigate an email to determine if it is real. Then I will describe how non-experts use experience with legitimate emails to accomplish similar goals, and the important role that knowledge of prior phishing incidents plays. Finally, I will discuss how this human work integrates with and complements ways that computers are used to detect phishing, and provide advice for better ways to train people to detect phishing.
Rethink or sink: Unravelling the human side of phishing detection