Participants in online social networking sites (OSNs) such as MySpace and Facebook (among hundreds of others) revel in the freedom and communion facilitated by the burgeoning social Internet. They often express offense or a feeling of intrusion when their online...
Research Library
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioral science as applied to cyber security awareness and online behavioral change.
Making security usable: Are things improving?
Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives insufficient consideration...
Security when people matter: Structuring incentives for user behavior
Humans are "smart components" in a system, but cannot be directly programmed to perform; rather, their autonomy must be respected as a design constraint and incentives provided to induce desired behavior. Sometimes these incentives are properly aligned, and the humans...
Anti-phishing Phil: The design and evaluation of a game that teaches people not to fall for phish
In this paper we describe the design and evaluation of Anti-Phishing Phil, an online game that teaches users good habits to help them avoid phishing attacks. We used learning science principles to design and iteratively refine the game. We evaluated the game through a...
The human factor in phishing
We discuss the importance of understanding psychological aspects of phishing, and review some recent findings. Given these findings, we critique some commonly used security practices and suggest and review alternatives, including educational approaches. We suggest a...
Social phishing
This study aimed to reveal a baseline level of phishing success, finding a success rate of 16% when phishing emails were sent from unknown senders, rising to a full 72% when phishing emails appeared to be from known senders.
Assessing the security perceptions of personal internet users
Personal Internet users are increasingly finding themselves exposed to security threats during their use of home PC systems. However, concern can be raised about users’ awareness of these problems, and the extent to which they are consequently protected and equipped...
Phishing: Can we spot the signs?
Dr Steven Furnell at Plymouth University has conducted research, which looks at why some computer users still can't tell the difference between an official email and a phishing scam. Steven Furnell looks at the increasing sophistication of phishing emails and examines...
Fear appeal messages affect accessibility of attitudes toward the threat and adaptive behaviorss
Fear appeals have long been used in persuasive messages to motivate people to perform adaptive behaviors. This research explored the influence of a fear appeal message concerning breast cancer on attitude accessibility. Messages advocating the efficacy of breast...
A video game for cyber security training and awareness
Although many of the concepts included in cyber security awareness training are universal, such training often must be tailored to address the policies and requirements of a particular organization. In addition, many forms of training fail because they are rote and do...