Pause for a cyber security cause: Assessing the influence of a waiting period on user habituation in mitigation of phishing attacks

This study designed, developed, and empirically tested a Pause and Think (PAT) mobile app that presented a user with a warning dialog and either a countdown or count-up timer whenever an email with a link was opened. The user was not able to interact with the email until the timer expired. The main goal of this research study was to determine whether requiring email users to pause and wait for a colored warning with a timer, when they are presented with a potentially malicious link, has any effect on the percentage who fall for phishing attempts. The experimental field study was completed in three phases in which 42 subject matter experts and 107 participants took part. The results indicated that a countdown timer set at three seconds accompanied by red warning text had the greatest effect (p<0.001) on the user’s ability to avoid clicking on a malicious link or attachment. Recommendations for future research include enhancements to the PAT mobile app and investigating what effect the time of day has on susceptibility to phishing.