Vortragende(r): Prof. Angela Sasse
(University College London)
Despite significant efforts by the security community, phishing is still a major problem in the online world. Several anti-phishing tools have been developed, but many users still don't pay attention to the warnings.
In this talk, I will briefly present results from an evaluation of an active anti-phishing signaling tool under conditions similar to those users face “in the wild”: time pressure and financial temptation.
Our results show a significant difference in the number of participants willing to take a risk when it was clearly flagged. But analysis of the qualitative data from post-session interviews shows that our participants took other signals into account: experience-based (previous experience with a website or a brand), familiarity-based (trust seals, known brand names or advertisements and social networking references) and content-based (information provided, website layout and company information). I will argue that we need to re-think our approach to trust and trust signalling in online interactions, and what changes are required.