부산대학교 도서관

Owing to the increase in 'certified' phishing websites, there is a steady increase in the number of phishing cases and general susceptibility to phishing. Trust mechanisms (e.g., HTTPS Lock Indicators, SSL Certificates) that help differentiate genuine and phishing websites should therefore be evaluated for their effectiveness in preventing vulnerable users from accessing phishing websites. In this article, we present a study involving 18 adults (male-6; female-12) and 12 older adults (male-4; female-8) to understand the usability of current trust mechanisms and preferred modalities in a conceptualized mechanism. In the first part of the study, using Chrome browser on Android, we asked the participants to browse a banking website and a government website for digital particulars. We asked them to identify which one of the two was a phishing website, rate the usability of both websites and provide qualitative feedback on the trust mechanisms. In the second part, we conceptualized an alternative trust mechanism, which allows seeking social, community and AI-based support to make website trust-related decisions. Herein, we asked the participants as to which modality (social, community or AI) they prefer to seek support from and why it is preferred. Using the current trust mechanisms, none of the participants were able to identify the phishing website. As the participants rated the current mechanisms poorly in terms of usability, they expressed various difficulties that largely did not differ between adults and older adults. In the conceptualized mechanism, we observed a notable difference in the preferred modalities, in that, older adults primarily preferred social support. In addition to these overall findings, specific observations suggest that future trust mechanisms should not only consider age-specific needs but also incorporate substantial improvement in terms of usability.
Comment: This version was last submitted to EuroUSEC 2023 - European Symposium on Usable Security. It was later invited for poster submission at the same conference