User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Melanie Volkamer; Karen Renaud; Benjamin Reinheimer; Alexandra Kunz

doi:10.1016/j.cose.2017.02.004

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, Alexandra Kunz

Computer And Information Sciences

Research output: Contribution to journal › Article › peer-review

78 Citations (Scopus)

122 Downloads (Pure)

Abstract

We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

Original language	English
Pages (from-to)	100-113
Number of pages	14
Journal	Computers and Security
Volume	71
Early online date	10 Feb 2017
DOIs	https://doi.org/10.1016/j.cose.2017.02.004
Publication status	Published - 1 Nov 2017

Keywords

phishing detection
email
thunderbird
usable security
tooltips
user studies
TORPEDO

Access to Document

10.1016/j.cose.2017.02.004

Volkamer-etal-CS-2017-User-experiences-of-TORPEDOAccepted author manuscript, 1.8 MBLicence: CC BY-NC-ND 4.0

http://eprints.gla.ac.uk/137562/

Cite this

@article{b7b01da4851b48eabed69c6171d373be,

title = "User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn",

abstract = "We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.",

keywords = "phishing detection, email, thunderbird, usable security, tooltips, user studies, TORPEDO",

author = "Melanie Volkamer and Karen Renaud and Benjamin Reinheimer and Alexandra Kunz",

year = "2017",

month = nov,

day = "1",

doi = "10.1016/j.cose.2017.02.004",

language = "English",

volume = "71",

pages = "100--113",

}

TY - JOUR

T1 - User experiences of TORPEDO

T2 - TOoltip-poweRed Phishing Email DetectiOn

AU - Volkamer, Melanie

AU - Renaud, Karen

AU - Reinheimer, Benjamin

AU - Kunz, Alexandra

PY - 2017/11/1

Y1 - 2017/11/1

N2 - We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

AB - We propose a concept called TORPEDO to improve phish detection by providing just-in-time and just-in-place trustworthy tooltips. These help people to identify phish links embedded in emails. TORPEDO's tooltips contain the actual URL with the domain highlighted. Link activation is delayed for a short period, giving the person time to inspect the URL before they click on a link. Furthermore, TORPEDO provides an information diagram to explain phish detection. We evaluated TORPEDO's effectiveness, as compared to the worst case “status bar” as provided by other Web email interfaces. People using TORPEDO performed significantly better in detecting phishes and identifying legitimate emails (85.17% versus 43.31% correct answers for phish). We then carried out a field study with a number of TORPEDO users to explore actual user experiences of TORPEDO. We conclude the paper by reporting on the outcome of this field study and suggest improvements based on the feedback from the field study participants.

KW - phishing detection

KW - email

KW - thunderbird

KW - usable security

KW - tooltips

KW - user studies

KW - TORPEDO

U2 - 10.1016/j.cose.2017.02.004

DO - 10.1016/j.cose.2017.02.004

M3 - Article

SN - 0167-4048

VL - 71

SP - 100

EP - 113

JO - Computers and Security

JF - Computers and Security

ER -

User experiences of TORPEDO: TOoltip-poweRed Phishing Email DetectiOn

Abstract

Keywords

Access to Document

Fingerprint

Cite this