"I don't know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks

Mayer, Peter 1; Poddebniak, Damian; Fischer, Konstantin; Brinkmann, Marcus; Somorovsky, Juraj; Sasse, Martina Angela; Schinzel, Sebastian; Volkamer, Melanie 1
1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)


OpenPGP is one of the two major standards for end-to-end email security. Several studies have shown that tools implementing this standard have serious usability issues. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound on the attack detection rates of all users dealing with PGP signatures. 52% of participants fell for at least one of the four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating the legitimacy of an email signature. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed by the user interface, which they felt offered them little support.

Affiliated institution(s) at KIT: Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publication type: Conference proceedings paper
Publication month/year: 08.2022
Language: English
Identifier: ISBN: 978-1-939133-30-4
KITopen-ID: 1000147799
HGF programme: 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems
Published in: Proceedings of the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)
Event: 18th/31st Symposium on Usable Privacy and Security / Co-located with USENIX Security (SOUPS 2022), Online, 07.08.2022 – 09.08.2022
Publisher: USENIX Association
Pages: 77-96
