Link-centric Phishing Warnings for Online Email Clients (Google Award)
This project will thoroughly investigate the effectiveness and usability of such link-centric phishing warnings by (1) integrating, improving, and evaluating their warning design; (2) conducting an online behavioral experiment to validate and optimize the link security indicators and cool-down methods of the warnings; and (3) implementing the results in a publicly available browser extension, which (4) will enable a future long-term field study on the effectiveness and habituation to phishing warnings. The results will have a practical impact on the design of phishing alerts in online email clients (e.g. Gmail) and browsers (e.g. Chrome).
Email services like Gmail automatically detect certain suspicious links and filter out many phishing emails. However, despite its high accuracy, phishing detection is probabilistic and can produce false positives (removal of legitimate email) and false negatives (no Spear-Phishing detection). Therefore, phishing alerts complement automatic detection to deal with uncertainty, and people are still encouraged to carefully check URLs before clicking on a link to avoid phishing.
Sponsored by: Google
Cooperation partner: University of Michigan
Period: Since 2020