Can a conventional email phishing nudge help fight SMiShing attacks?

IF 3.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2025-06-03 DOI:10.1016/j.csi.2025.104031

Morgan E. Edwards , Jing Chen , Jeremiah D. Still

{"title":"Can a conventional email phishing nudge help fight SMiShing attacks?","authors":"Morgan E. Edwards , Jing Chen , Jeremiah D. Still","doi":"10.1016/j.csi.2025.104031","DOIUrl":null,"url":null,"abstract":"<div><div>Phishing attacks, a common cybersecurity threat, aim to deceive end-users into revealing sensitive information. While Human Factors researchers have extensively examined phishing in the email vector, the emergence of phishing in the SMS vector, known as SMiShing, has presented a new challenge. This study breaks new ground by investigating whether a conventional behavioral nudge intervention designed to combat email phishing can be effectively applied to SMiShing. A reflective nudge was implemented, providing participants with a message to encourage appropriate behavior. They were then tasked to sort email and text messages based on legitimacy. We manipulated the presence of nudge (present or absent) and the platform (email or text). Participants’ performance was measured using Signal Detection Theory, and they were asked to provide confidence ratings for each legitimacy decision. Our key findings revealed that the conventional nudge improved performance for email decisions, although it decreased user confidence. For text messages, the nudge hindered participants’ discrimination ability and did not significantly influence response bias performance or confidence ratings. Unfortunately, the effectiveness of the nudge did not simply transfer to text messages. We reflect on how to redesign the conventional nudge to increase its effectiveness against SMiShing.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"95 ","pages":"Article 104031"},"PeriodicalIF":3.1000,"publicationDate":"2025-06-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548925000601","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Phishing attacks, a common cybersecurity threat, aim to deceive end-users into revealing sensitive information. While Human Factors researchers have extensively examined phishing in the email vector, the emergence of phishing in the SMS vector, known as SMiShing, has presented a new challenge. This study breaks new ground by investigating whether a conventional behavioral nudge intervention designed to combat email phishing can be effectively applied to SMiShing. A reflective nudge was implemented, providing participants with a message to encourage appropriate behavior. They were then tasked to sort email and text messages based on legitimacy. We manipulated the presence of nudge (present or absent) and the platform (email or text). Participants’ performance was measured using Signal Detection Theory, and they were asked to provide confidence ratings for each legitimacy decision. Our key findings revealed that the conventional nudge improved performance for email decisions, although it decreased user confidence. For text messages, the nudge hindered participants’ discrimination ability and did not significantly influence response bias performance or confidence ratings. Unfortunately, the effectiveness of the nudge did not simply transfer to text messages. We reflect on how to redesign the conventional nudge to increase its effectiveness against SMiShing.

查看原文本刊更多论文

传统的电子邮件网络钓鱼能帮助打击钓鱼攻击吗？

网络钓鱼攻击是一种常见的网络安全威胁，其目的是欺骗最终用户泄露敏感信息。虽然人为因素研究人员已经广泛研究了电子邮件向量中的网络钓鱼，但短信向量中的网络钓鱼（称为SMiShing）的出现提出了新的挑战。这项研究开辟了新的领域，调查了传统的行为助推干预是否可以有效地用于打击电子邮件网络钓鱼。实施了反思性的推动，为参与者提供了鼓励适当行为的信息。然后，他们被要求根据合法性对电子邮件和短信进行分类。我们操纵了微推的存在（在场或不在场）和平台（电子邮件或文本）。参与者的表现是用信号检测理论来衡量的，他们被要求为每个合法性决定提供信心评级。我们的主要发现表明，传统的轻推提高了电子邮件决策的性能，尽管它降低了用户的信心。对于短信，轻推阻碍了参与者的辨别能力，并没有显著影响反应偏差表现或信心评级。不幸的是，轻推的效果并不仅仅体现在短信上。我们反思如何重新设计传统的轻推，以提高其对SMiShing的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.