How Non-Experts Try to Detect Phishing Scam Emails
by: Norbert Nthala and Rick Wash
Abstract
Email remains one of the most widely used methods of communication globally. However, successful phishing email attacks and subsequent costs remain unreasonably high despite technical advances in defenses that limit phishing scams. In this paper, we examine human detection of phishing. We found that non-experts go through four different sensemaking processes to determine if an email is a phishing message; they use different knowledge and skills to become suspicious differently in each process. Additionally, non-experts rely on their social connections as an investigative tool to determine if an email is a phishing scam. We discuss the impact of our findings on phishing training and technology.
Reference
Norbert Nthala and Rick Wash. “How Non-Experts Try to Detect Phishing Scam Emails.” Paper in Workshop on Technology and Consumer Protection. May 2021.