Investigating teenagers' ability to detect phishing messages

James Nicholson*, Yousra Javed, Matt Dixon, Lynne Coventry, Opeyemi Dele Ajayi, Philip Anderson

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

12 Citations (Scopus)

Abstract

Young people are increasingly becoming responsible for the security of their devices, yet do not appear to receive formal instruction on how to protect themselves online. In this paper, we investigate the phish detection performance of teenagers while exploring how their familiarity with a service affects their overall performance in identifying phishing messages. Our study with 83 teenagers finds that teenagers were poor at distinguishing between genuine and phishing messages in an experimental task, yet performance was not affected by the familiarity of the service. However, our participants exhibited riskier behavior when making decisions on unfamiliar messages, suggesting that this is an area for further exploration. We discuss the implications of the poor phishing performance for teenagers and explore possible avenues to improve their awareness of these attacks, e.g. through embedding training content within the school curriculum.
Original languageEnglish
Title of host publicationProceedings of 5th IEEE European Symposium on Security and Privacy Workshops
Place of PublicationPiscataway
PublisherIEEE
Pages140-149
Number of pages10
ISBN (Electronic)9781728185972
ISBN (Print)9781728185989
DOIs
Publication statusPublished - 22 Oct 2020
Externally publishedYes
Event5th IEEE European Symposium on Security and Privacy Workshops - virtual event
Duration: 7 Sep 202011 Sep 2020
Conference number: 5th

Conference

Conference5th IEEE European Symposium on Security and Privacy Workshops
Abbreviated titleEUROS&PW 2020
Period7/09/2011/09/20

Keywords

  • Social engineering
  • Teenagers
  • Phishing
  • Cybersecurity
  • Social factors

Fingerprint

Dive into the research topics of 'Investigating teenagers' ability to detect phishing messages'. Together they form a unique fingerprint.

Cite this