Francesco Greco, Giuseppe Desolda, Paolo Buono, Antonio Piccinno
Computer Standards & Interfaces, vol. 93, Article 103982. Journal Article, published 2025-02-06. DOI: 10.1016/j.csi.2025.103982. Publisher page: https://www.sciencedirect.com/science/article/pii/S092054892500011X (indexed via Semantic Scholar; JCR Q1, Computer Science, Hardware & Architecture).
Enhancing Phishing Defenses: The Impact of Timing and Explanations in Warnings for Email Clients
Phishing attacks remain a significant risk to digital security because they exploit human weaknesses before those of computer systems. To limit the effectiveness of this threat, this paper explores new strategies for designing the warnings shown to users when a suspicious phishing email is detected. A controlled experiment with 900 participants investigated the impact of two factors on warning effectiveness: the activation timing of the warning (before or after the email is opened) and the presence of an explanation message in the warning. The results indicate that warnings displayed after users have read the content of the email significantly reduce click-through rates and are therefore more effective at preventing phishing. The presence of explanations also led to a lower click-through rate. Nevertheless, warnings without explanations, and simpler warnings for emails that are false positives, may still be necessary. These findings are presented as lessons learned that can drive the design of more effective warning systems.
About the journal:
The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking.
Computer Standards & Interfaces is an international journal dealing specifically with these topics.
The journal
• Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels
• Publishes critical comments on standards and standards activities
• Disseminates users' experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods
• Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts
• Stimulates relevant research by providing a specialised refereed medium.