Explanations in Warning Dialogs to Help Users Defend Against Phishing Attacks

31 Pages Posted: 4 Jun 2022


Giuseppe Desolda

University of Bari

Joseph Aneke

University of Bari

Carmelo Ardito

affiliation not provided to SSRN

Rosa Lanzilotti

University of Bari

Maria Francesca Costabile

University of Bari

Abstract

Phishing, the deceptive act of stealing personal and sensitive information by sending messages that seem to come from trusted entities, is one of the most widespread and effective cyberattacks. Automated defensive techniques against these attacks have been widely investigated. These solutions often exploit AI-based systems that, when a suspect website is detected, show a dialog that warns users about the potential risk. Despite significant advances in creating warning dialogs for phishing, this type of attack is still very effective. To overcome the limitations of existing warning dialogs and better defend users from phishing attacks, this article presents a novel technique to create warning dialogs that not only warn users about a possible attack, as in traditional solutions, but also explain why a website is suspicious. An experimental study is reported that consisted of a remote survey and analyzed data from 150 participants. The goal was to evaluate the proposed warning dialogs with explanations and to compare them with dialogs presented by Chrome, Firefox, and Edge. The study revealed interesting results: most explanations were understandable and familiar to users and were capable of diverting them from visiting malicious sites. However, more attention should be devoted to aspects such as user interest and trust in warning dialogs with and without explanations. Lessons learned are provided that might drive the design of more powerful warning dialogs.

Keywords: Usable security, phishing, Warning dialogs

Suggested Citation

Desolda, Giuseppe and Aneke, Joseph and Ardito, Carmelo and Lanzilotti, Rosa and Costabile, Maria Francesca, Explanations in Warning Dialogs to Help Users Defend Against Phishing Attacks. Available at SSRN: https://ssrn.com/abstract=4127608 or http://dx.doi.org/10.2139/ssrn.4127608

Giuseppe Desolda (Contact Author)

University of Bari

Italy

Joseph Aneke

University of Bari

Italy

Carmelo Ardito

affiliation not provided to SSRN

Rosa Lanzilotti

University of Bari

Italy

Maria Francesca Costabile

University of Bari

Italy

