Interface Design Elements for Anti-phishing Systems

  • Yan Chen
  • Fatemeh (Mariam) Zahedi
  • Ahmed Abbasi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6629)

Abstract

Anti-phishing systems are developed to prevent users from interacting with fraudulent websites. However, these tools are ineffective since users often disregard their warnings. We present a design science-based assessment of interface design elements for such systems. An extensive taxonomy of important design elements is constructed. A survey is used to evaluate the perceived saliency of various elements encompassed in the taxonomy. The results suggest that preferred design elements are in line with efficient information processing of human vision, and indicate that existing tools often fail to consider users’ preferences regarding warning design alternatives. The results on users’ preferences also show the presence of a subset of design elements that could potentially be customized for the population of our sample, and others that could be personalized. These findings are being applied in an NSF-supported project, in which we evaluate the impact of customized and personalized warnings on user performance.

Keywords

Anti-Phishing Systems; Interface Design; Warnings; Taxonomy

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Yan Chen (1)
  • Fatemeh (Mariam) Zahedi (1)
  • Ahmed Abbasi (1)
  1. Sheldon B Lubar School of Business, University of Wisconsin–Milwaukee, Milwaukee, USA
