Literature Review: Misconceptions About Phishing
Mossano, Mattia
1; Volkamer, Melanie 1
1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
1; Volkamer, Melanie 11 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
Abstract:
Phishing is a danger to both private users and businesses.
Industry and academia have proposed several approaches to deal with this threat, many of which developed with a supposedly human-centric design.
Yet, to our knowledge, there is no research focused on the misconceptions that users might have on phishing.
This glaring gap is a problem, as previous research has shown that not engaging with the mental model of users can lead to lack of effectiveness of an approach in the real world.
To address this gap, we conducted a systematic literature review starting from papers published at CHI in the last ten years, and expanding to other venues through a backward and a forward search based on the initial relevant CHI papers.
We identified 15 misconceptions about phishing in 21 papers that researchers should address in their solutions to enhance the effectiveness of their approaches.
Industry and academia have proposed several approaches to deal with this threat, many of which developed with a supposedly human-centric design.
Yet, to our knowledge, there is no research focused on the misconceptions that users might have on phishing.
This glaring gap is a problem, as previous research has shown that not engaging with the mental model of users can lead to lack of effectiveness of an approach in the real world.
To address this gap, we conducted a systematic literature review starting from papers published at CHI in the last ten years, and expanding to other venues through a backward and a forward search based on the initial relevant CHI papers.
We identified 15 misconceptions about phishing in 21 papers that researchers should address in their solutions to enhance the effectiveness of their approaches.
| Zugehörige Institution(en) am KIT | Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsjahr | 2025 |
| Sprache | Englisch |
| Identifikator | ISBN: 978-3-031-72558-6 ISSN: 1868-4238 KITopen-ID: 1000176659 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | Human Aspects of Information Security and Assurance : 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part I |
| Verlag | Springer Nature Switzerland |
| Seiten | 215-228 |
| Serie | IFIP Advances in Information and Communication Technology ; 721 |
| Vorab online veröffentlicht am | 28.11.2024 |
| Schlagwörter | phishing misconception, literature review, awareness |
| Nachgewiesen in | Dimensions |