Litcius/Paper detail

Effects of visual risk indicators on phishing detection behavior: An eye-tracking experiment

Dennik Baltuttis, Timm Teubner

2024Computers & Security12 citationsDOIOpen Access PDF

Abstract

Cybersecurity vulnerability ranks among the foremost global business risks. Phishing attempts, in particular through email, persistently challenge organizations despite substantial investments in IT security and awareness training. Recognizing the limitations of unilateral technology- or human-centered approaches, this study explores how visual risk indication can support employees in detecting phishing attempts. To do so, we conducted an eye-tracking lab experiment in which participants rated the trustworthiness of emails with varying levels of credibility. Our analysis focuses on human information processing in identifying phishing attempts, indicating that the availability of a visual risk indicator can significantly influence trust and response behavior, without incapacitating implicit phishing cues (such as conspicuous senders or anonymous recipients). Our findings suggest that organizations should appropriately calibrate visual risk indicators to achieve the intended guiding effects. However, the calibration remains a trade-off and depends on the organization's environment. We discuss implications for integrative cybersecurity approaches to mitigate phishing attempts more effectively.

Topics & Concepts

Computer scienceEye trackingPhishingArtificial intelligenceComputer visionComputer securityThe InternetWorld Wide WebSpam and Phishing DetectionMisinformation and Its ImpactsUser Authentication and Security Systems