Oliver D. Reithmaier (Leibniz University Hannover), Thorsten Thiel (Atmina Solutions), Anne Vonderheide (Leibniz University Hannover), Markus Dürmuth (Leibniz University Hannover)

Email phishing to date still is the most common attack on IT systems. While early research has focused on collective and large-scale phishing campaign studies to enquire why people fall for phishing, such studies are limited in their inference regarding individual or contextual influence of user phishing detection. Researchers tried to address this limitation using scenario-based or role-play experiments to uncover individual factors influencing user phishing detection. Studies using these methods unfortunately are also limited in their ability to generate inference due to their lack of ecological validity and experimental setups. We tackle this problem by introducing PhishyMailbox, a free and open-source research software designed to deploy mail sorting tasks in a simulated email environment. By detailing the features of our app for researchers and discussing its security and ethical implications, we demonstrate the advantages it provides over previously used paradigms for scenario-based research, especially regarding ecological validity as well as generalizability through larger possible sample sizes.We report excellent usability statistics from a preliminary sample of usable security scientists and discuss ethical implications of the app. Finally, we discuss future implementation opportunities of PhishyMailbox in research designs leveraging signal detection theory, item response theory and eye tracking applications.

View More Papers

RContainer: A Secure Container Architecture through Extending ARM CCA...

Qihang Zhou (Institute of Information Engineering, Chinese Academy of Sciences), Wenzhuo Cao (Institute of Information Engineering, Chinese Academy of Sciences; School of Cyberspace Security, University of Chinese Academy of Sciences), Xiaoqi Jia (Institute of Information Engineering, Chinese Academy of Sciences), Peng Liu (The Pennsylvania State University, USA), Shengzhi Zhang (Department of Computer Science, Metropolitan College,…

Read More

Towards Better CFG Layouts

Jack Royer (CentraleSupélec), Frédéric TRONEL (CentraleSupélec, Inria, CNRS, University of Rennes), Yaëlle Vinçont (Univ Rennes, Inria, CNRS, IRISA)

Read More

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall...

Shencha Fan (GFW Report), Jackson Sippe (University of Colorado Boulder), Sakamoto San (Shinonome Lab), Jade Sheffey (UMass Amherst), David Fifield (None), Amir Houmansadr (UMass Amherst), Elson Wedwards (None), Eric Wustrow (University of Colorado Boulder)

Read More

Exploring Phishing Threats through QR Codes in Naturalistic Settings

Filipo Sharevski (DePaul University), Mattia Mossano, Maxime Fabian Veit, Gunther Schiefer, Melanie Volkamer (Karlsruhe Institute of Technology)

Read More