Skip to main content
SpringerLink
Log in

Attempting to Reduce Susceptibility to Fraudulent Computer Pop-Ups Using Malevolence Cue Identification Training

  • Conference paper
  • First Online:
Advances in Human Factors in Cybersecurity (AHFE 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 960))

Included in the following conference series:

  • 1243 Accesses

Abstract

People accept a high number of computer pop-ups containing cues that indicate malevolence when they occur as interrupting tasks during a cognitively demanding memory-based task [1, 2], with younger adults spending only 5.5ā€“6-s before making an accept or decline decision [2]. These findings may be explained by at least three factors: pressure to return to the suspended task to minimize forgetting; adopting non-cognitively demanding inspection strategies; and, having low levels of suspicion [3]. Consequences of such behavior could be potentially catastrophic for individuals and organizations (e.g., in the event of a successful cyber breach), and thus it is crucial to develop effective interventions to reduce susceptibility. The current experiment (Nā€‰=ā€‰50) tested the effectiveness of malevolence cue identification training (MCIT) interventions. During phase 1, participants performed a serial recall task with some trials interrupted by pop-up messages with accept or cancel options that either contained cues (e.g., missing company name, misspelt word) to malevolence (malevolent condition) or no cues (non-malevolent condition). In phase 2, participants were allocated to one of three groups: no MCIT/Control, non-incentivized MCIT/N-IMCIT, or incentivized MCIT/IMCIT. Control group participants only had to identify category-related words (e.g., colors). Participants in intervention conditions were explicitly made aware of the malevolence cues in Phase 1 pop-ups before performing trying to identify malevolence cues within adapted passages of text. The N-IMCIT group were told that their detection accuracy was being ranked against other participants, to induce social comparison. Phase 3 was similar to phase 1, although 50% of malevolent pop-ups contained new cues. MCIT did lead to a significant reduction in the number of malevolent pop-ups accepted under some conditions. Incentivized training did not (statistically) improve performance compared to non-incentivized training. Cue novelty had no effect. Ways of further improving the MCIT training protocol used, as well as theoretical implications, are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Morgan, P.L., Williams, E.J., Zook, N.A., Christopher, G.: Exploring older adult susceptibility to fraudulent computer pop-up interruptions. In: International Conference on Applied Human Factors and Ergonomics, pp. 56ā€“68. Springer, Cham (2018)

    Google ScholarĀ 

  2. Williams, E.J., Morgan, P.L., Joinson, A.N.: Press accept to update now: individual differences in susceptibility to malevolent interruptions. Decis. Support Syst. 96, 119ā€“129 (2017)

    ArticleĀ  Google ScholarĀ 

  3. Vishwanath, A., Harrison, B., Ng, Y.J.: Suspicion, cognition, and automaticity model of phishing susceptibility. Commun. Res. 45(8), 1ā€“21 (2016)

    Google ScholarĀ 

  4. Anti-Phishing Working Group (APWG). https://www.antiphishing.org/resources/apwg-reports/

  5. Department for Culture, Media & Sport.: Cyber security breaches survey 2017. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/609186/Cyber_Security_Breaches_Survey_2017_main_report_PUBLIC.pdf

  6. National Cyber Security Centre.: Weekly threat report, 30 June 2017. https://www.ncsc.gov.uk/report/weekly-threat-report-30th-june2017

  7. Perera, D.: Researcher: Sony hackers used fake emails, Politico. https://www.politico.com/story/2015/04/sony-hackers-fake-emails-117200

  8. Forbes Cyber Security report. https://www.forbes.com/sites/ellistalton/2018/04/23/the-u-s-governments-lack-of-cybersecurity-expertise-threatens-our-infrastructure/#20d248be49e0

  9. HM Government. National cyber security strategy 2016ā€“2021. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf

  10. Conteh, N.Y., Schmick, P.J.: Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. Int. J. Adv. Comput. Res. 6(23), 31 (2016)

    ArticleĀ  Google ScholarĀ 

  11. Downing, D., Covington, M., Covington, M., Barrett, C.A., Covington, S.: Dictionary of Computer and Internet Terms. Barronā€™s Educational Series, New York (2000)

    MATHĀ  Google ScholarĀ 

  12. Daintith, J., Wright, E.: A Dictionary of Computing. Oxford University Press, Oxford (2008)

    BookĀ  Google ScholarĀ 

  13. Norton How To 2018. https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html

  14. Altmann, E.M., Trafton, J.G., Hambrick, D.Z.: Momentary interruptions can derail the train of thought. J. Exp. Psychol. Gen. 143(1), 215ā€“226 (2014)

    ArticleĀ  Google ScholarĀ 

  15. Hodgetts, H.M., Jones, D.M.: Interruption of the Tower of London task: support for a goal-activation approach. J. Exp. Psychol. Gen. 135(1), 103ā€“115 (2006)

    ArticleĀ  Google ScholarĀ 

  16. Monk, C.A., Trafton, J.G., Boehm-Davis, D.A.: The effect of interruption duration and demand on resuming suspended goals. J. Exp. Psychol. Appl. 14(4), 299ā€“313 (2008)

    ArticleĀ  Google ScholarĀ 

  17. Altmann, E.M., Trafton, J.G.: Memory for goals: an activation-based model. Cogn. Sci. 26, 39ā€“83 (2002)

    ArticleĀ  Google ScholarĀ 

  18. Altmann, E.M., Trafton, J.G.: Timecourse of recovery from task interruption: data and a model. Psychon. Bull. Rev. 14(6), 1079ā€“1084 (2017)

    ArticleĀ  Google ScholarĀ 

  19. Cacioppo, J.T., Petty, R.E., Feng Kao, C.: The efficient assessment of need for cognition. J. Pers. Assess. 48(3), 306ā€“307 (1984)

    ArticleĀ  Google ScholarĀ 

  20. Anandpara, V., Dingman, A., Jakobsson, M., Liu, D., Roinestad, H.: Phishing IQ tests measure fear, not ability. In: International Conference on Financial Cryptography and Data Security, pp. 362ā€“366. Springer, Berlin (2007)

    Google ScholarĀ 

  21. Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 79ā€“90. ACM (2006)

    Google ScholarĀ 

  22. Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching Johnny not to fall for phish. ACM Trans. Internet Technol. (TOIT). 10(2), 1ā€“30 (2010)

    ArticleĀ  Google ScholarĀ 

  23. Clifford, M.M.: Effects of competition as a motivational technique in the classroom. Am. Educ. Res. J. 9(1), 123ā€“137 (1972)

    ArticleĀ  Google ScholarĀ 

  24. Aleman, J.L.F., de Gea, J.M.C., MondĆ©jar, J.J.R.: Effects of competitive computer-assisted learning versus conventional teaching methods on the acquisition and retention of knowledge in medical surgical nursing students. Nurse Educ. Today 31(8), 866ā€“871 (2011)

    ArticleĀ  Google ScholarĀ 

  25. Festinger, L.: A theory of social comparison processes. Hum. Relat. 7(2), 117ā€“140 (1954)

    ArticleĀ  Google ScholarĀ 

  26. Peirce, J.W.: PsychoPyā€”psychophysics software in Python. J. Neurosci. Methods 162(2), 8ā€“13 (2007)

    ArticleĀ  Google ScholarĀ 

Download references

Author information

Authors and Affiliations

  1. Cognitive Science and Human Factors, School of Psychology, Cardiff University, Cardiff, CF10 3AT, UK

    Phillip L. Morgan,Ā Robinson Soteriou,Ā Craig WilliamsĀ &Ā Qiyuan Zhang

  2. Cyber Psychology and Human Factors, Airbus Central R&T, The Quadrant, Celtic Springs Business Park, Newport, NP10 8FZ, UK

    Phillip L. Morgan,Ā Robinson Soteriou,Ā Craig WilliamsĀ &Ā Qiyuan Zhang

Authors
  1. Phillip L. Morgan
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Robinson Soteriou
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Craig Williams
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  4. Qiyuan Zhang
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Corresponding author

Correspondence to Phillip L. Morgan .

Editor information

Editors and Affiliations

  1. Institute for Advanced Systems Engineering, University of Central Florida, Orlando, FL, USA

    Tareq Ahram

  2. University of Central Florida, Orlando, FL, USA

    Waldemar Karwowski

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Morgan, P.L., Soteriou, R., Williams, C., Zhang, Q. (2020). Attempting to Reduce Susceptibility to Fraudulent Computer Pop-Ups Using Malevolence Cue Identification Training. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-20488-4_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20487-7

  • Online ISBN: 978-3-030-20488-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation