Skip to main content

The Importance of Being Earnest [In Security Warnings]

  • Conference paper
Financial Cryptography and Data Security (FC 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7859))

Included in the following conference series:


In response to the threat of phishing, web browsers display warnings when users arrive at suspected phishing websites. Previous research has offered guidance to improve these warnings. We performed a laboratory study to investigate how the choice of background color in the warning and the text describing the recommended course of action impact a user’s decision to comply with the warning. We did not reveal to participants that the subject of the study was the warning, and then we observed as they responded to a simulated phishing attack. We found that both the text and background color had a significant effect on the amount of time participants spent viewing a warning, however, we observed no significant differences with regard to their decisions to ultimately obey that warning. Despite this null result, our exit survey data suggest that misunderstandings about the threat model led participants to believe that the warnings did not apply to them. Acting out of bounded rationality, participants made conscientious decisions to ignore the warnings. We conclude that when warnings do not correctly align users’ risk perceptions, users may unwittingly take avoidable risks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: An empirical study of the effectiveness of web browser phishing warnings. In: CHI 2008: Proceeding of the 26th SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074. ACM, New York (2008)

    Google Scholar 

  2. Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: New Security Paradigms Workshop, pp. 133–144 (2009)

    Google Scholar 

  3. Lawrence, E.: IE8 Security Part III: SmartScreen Filter (July 2008),

  4. Sunshine, J., Egelman, S., Almuhimedi, H., Atri, N., Cranor, L.F.: Crying wolf: an empirical study of ssl warning effectiveness. In: Proceedings of the 18th USENIX Security Symposium, SSYM 2009, pp. 399–416. USENIX Association, Berkeley (2009)

    Google Scholar 

  5. Terdiman, D.: Microsoft aiming to clean up hotmail user’s inboxes. CNET News (October 3, 2011),

  6. Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010. ACM, New York (2010)

    Google Scholar 

  7. Wogalter, M.S.: Communication-Human Information Processing (C-HIP) Model. In: Wogalter, M.S. (ed.) Handbook of Warnings, pp. 51–61. Lawrence Erlbaum Associates (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Egelman, S., Schechter, S. (2013). The Importance of Being Earnest [In Security Warnings]. In: Sadeghi, AR. (eds) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol 7859. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-39883-4

  • Online ISBN: 978-3-642-39884-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics