Explanations in Warning Dialogs to Help Users Defend Against Phishing Attacks
31 Pages. Posted: 4 Jun 2022
Abstract
Phishing, the deceptive act of stealing personal and sensitive information by sending messages that appear to come from trusted entities, is one of the most widespread and effective cyberattacks. Automated defensive techniques against these attacks have been widely investigated. These solutions often rely on AI-based systems that, when a suspect website is detected, show a dialog warning users about the potential risk. Despite significant advances in the design of phishing warning dialogs, this type of attack remains very effective. To overcome the limitations of existing warning dialogs and better defend users against phishing attacks, this article presents a novel technique for creating warning dialogs that not only warn users about a possible attack, as traditional solutions do, but also explain why a website is suspicious. An experimental study is reported, consisting of a remote survey whose data from 150 participants were analyzed. The goal was to evaluate the proposed warning dialogs with explanations and to compare them with the dialogs presented by Chrome, Firefox, and Edge. The study revealed interesting results: most explanations were understandable and familiar to users and were capable of diverting them from visiting malicious sites. However, more attention should be devoted to aspects such as user interest and trust in warning dialogs with and without explanations. Lessons learned are provided that might drive the design of more powerful warning dialogs.
Keywords: Usable security, phishing, warning dialogs