International Conference on Financial Cryptography and Data Security

FC 2011: Financial Cryptography and Data Security pp 16-30

It’s All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice

  • Nicolas Christin
  • Serge Egelman
  • Timothy Vidas
  • Jens Grossklags
Conference paper

DOI: 10.1007/978-3-642-27576-0_2

Volume 7035 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Christin N., Egelman S., Vidas T., Grossklags J. (2012) It’s All about the Benjamins: An Empirical Study on Incentivizing Users to Ignore Security Advice. In: Danezis G. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7035. Springer, Berlin, Heidelberg

Abstract

We examine the cost for an attacker to pay users to execute arbitrary code—potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice—not to run untrusted executables—if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.

Keywords

Behavioral Economics; Online Crime; Human Experiments

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nicolas Christin (1)
  • Serge Egelman (2)
  • Timothy Vidas (3)
  • Jens Grossklags (4)

  1. INI/CyLab, Carnegie Mellon University, USA
  2. National Institute of Standards and Technology, USA
  3. ECE/CyLab, Carnegie Mellon University, USA
  4. IST, Pennsylvania State University, USA