Contact Info

Rick Wash
rwash@wisc.edu

Cell: (734) 730-1188

How Non-Experts Try to Detect Phishing Scam Emails"

by: Norbert Nthala and Rick Wash

Abstract

Email remains one of the most widely used methods of communication globally. However, successful phishing email attacks and subsequent costs remain unreasonably high despite technical advances in defenses that limit phishing scams. In this paper, we examine human detection of phishing. We found that non-experts go through four different sensemaking processes to determine if an email is a phishing message; they use different knowledge and skills to become suspicious differently in each process. Additionally, non-experts rely on their social connections as an investigative tool to determine if an email is a phishing scam. We discuss the impact of our findings on phishing training and technology.

Reference

Norbert Nthala and Rick Wash. “How Non-Experts Try to Detect Phishing Scam Emails”.” Paper in Workshop on Technology and Consumer Protection.May 2021.

Download: PDF