EXPERIMENTAL STUDY TO ASSESS THE IMPACT OF TIMERS ON USER SUSCEPTIBILITY TO PHISHING ATTACKS

Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Trai...

Bibliographic Details
Main Authors: Amy E. Antonucci, Yair Levy, Laurie P. Dringus, Martha Snyder
Format: Article
Language: English
Published: Kennesaw State University 2022-02-01
Series: Journal of Cybersecurity Education, Research & Practice
Online Access: https://digitalcommons.kennesaw.edu/jcerp/vol2021/iss2/6/
collection DOAJ
description Social engineering costs organizations billions of dollars. It exploits the weakest link of information systems security, the users. It is well-documented in literature that users continue to click on phishing emails costing them and their employers significant monetary resources and data loss. Training does not appear to mitigate the effects of phishing much; other solutions are warranted. Kahneman introduced the concepts of System-One and System-Two thinking. System-One is a quick, instinctual decision-making process, while System-Two is a process by which humans use a slow, logical, and is easily disrupted. The key aim of our experimental field study was to investigate if requiring the user to pause by presenting a countdown or count-up timer when a possible phishing email is opened will influence the user to enter System-Two thinking. In this study, we designed, developed, and empirically tested a Pause-and-Think (PAT) mobile app that presented a user with a warning dialog and a countdown or count-up timer. Our goal was to determine whether requiring users to wait with a colored warning and a timer has any effect on phishing attempts. The study was completed in three phases with 42 subject matter experts and 107 participants. The results indicated that a countdown timer set at 3-seconds accompanied by red warning text was most effective on the user’s ability to avoid clicking on a malicious link or attachment. Recommendations for future research include enhancements to the PAT mobile app and investigating what effect the time of day has on susceptibility to phishing.
id doaj-art-c70ad8173eba400db3697ea9939ee48e
institution DOAJ
issn 2472-2707
affiliations Western Governors University; Nova Southeastern University, USA; Nova Southeastern University -- College of Engineering and Computing