After disclosing security issues related to user deception through IDN homographic domains to Mozilla, these issues have been addressed in the latest versions of Mozilla Firefox and Thunderbird. We recommend keeping your email clients and browsers up to date to ensure the best possible protection. The full article by Maxime Veit et al. about the user deceptions that can be used by attackers was recently published in Computers & Security. 

Tired of constant security warnings popping up every day—and catching yourself clicking through them without really reading? You're not alone. We're researching how to reduce these interruptions by showing security warnings only when they're truly needed, based on user behavior in a privacy-friendly way.
Come meet Maxime Veit at the "Tag der offenen Tür" of KIT in the KD²Lab (Fritz-Erler-Straße 1–3) to experience our research firsthand and join the discussion. You can also visit STAR, our Security Teaching & Awareness Robot Group Member, at the KIT Ehrenhof (Kaiserstraße 10), where it represents our work on email phishing in an interactive and engaging way.

Anne Hennig supports the Poster Jury of the Twenty-First Symposium on Usable Privacy and Security (SOUPS 2025). SOUPS seeks posters and poster abstracts of recent or ongoing research related to usable privacy and security. Submissions of preliminary findings from ongoing work, undergraduate/master research projects, or posters about work on usable privacy and security that were recently published at other venues (2024 to 2025) are welcomed. Submission deadline for posters is Thursday, May 22, 2025. SOUPS 2025 will take place August 10-12, 2025, and will be co-located with the 34th USENIX Security Symposium in Seattle, WA, USA.

In a recent article published in Computers & Security, Maxime Veit, Oliver Wiese, Fabian Lucas Ballreich, Melanie Volkamer, Douglas Engels, and Peter Mayer investigate how email clients fare against user deception techniques that have evolved over the past decade. Despite advances in email security, their systematic review and empirical analysis reveal that many clients—including Thunderbird, Outlook, and Apple Mail—remain vulnerable to deceptive practices, especially those involving misleading links. Their evaluation of seven widely used email clients across desktop, mobile, and web platforms shows that most are still susceptible to several high-impact techniques. They also provide concrete recommendations, some of which have already prompted improvements, particularly in the handling of links in mobile mail apps.