Show simple item record

dc.contributor.authorNdibwile, Jema David
dc.contributor.authorLuhanga, Edith T.
dc.contributor.authorFall, Doudou
dc.contributor.authorMiyamoto, Daisuke
dc.contributor.authorBlanc, Gregory
dc.date.accessioned2020-03-03T11:53:47Z
dc.date.available2020-03-03T11:53:47Z
dc.date.issued2019-09-10
dc.identifier.uri10.1109/ACCESS.2019.2940669
dc.identifier.urihttp://dspace.nm-aist.ac.tz/handle/123456789/591
dc.descriptionThis research article published by IEEE, Volume: 7, 2019en_US
dc.description.abstractPhishing attacks have been persistent for more than two decades despite mitigation efforts from academia and industry. We believe that users fall victim to attacks not only because of lack of knowledge and awareness, but also because they are not attentive enough to security indicators and visual abnormalities on the webpages they visit. This is also probably why smart device users, who have more limited screen size and device capabilities compared to desktop users, are three times more likely to fall victim to phishing attacks. To assert our claim, we first investigated general phishing awareness among different groups of smartphone users. We then used smart eyeglasses (electro-oculographic) to experimentally measure the mental effort and vigilance exhibited by users while surfing a website and while playing an Android phishing game that we developed. The results showed that knowledge and awareness about phishing do not seem to have a significant impact on security behaviours, as knowledgeable participants exhibited insecure behaviours such as opening email attachments from unfamiliar senders. However, attentiveness was important as even participants with low cybersecurity knowledge could effectively identify attacks if they were reasonably attentive. Based on these results, we asserted that users are more likely to continue falling victim to phishing attacks due to insecure behaviours, unless tools to lessen the identification burden are provided. We thus recommended implementing a lightweight algorithm into a custom Android browser for detecting phishing sites deceptively without a user interaction. We used fake login credentials as validation agents and monitor the destination server HTTP responses to determine the authenticity of a webpage. We also presented initial evaluation results of this algorithm.en_US
dc.language.isoenen_US
dc.publisherIEEEen_US
dc.subjectSocial engineeringen_US
dc.subjectSmart glassesen_US
dc.subjectMobile devicesen_US
dc.subjectDeceptive loginen_US
dc.subjectAndroid browseren_US
dc.subjectElectro-oculographicen_US
dc.subjectCybersecurity psychologyen_US
dc.titleAn Empirical Approach to Phishing Countermeasures Through Smart Glasses and Validation Agentsen_US
dc.typeArticleen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record