Abstract
People accept a high number of computer pop-ups containing cues that indicate malevolence when they occur as interrupting tasks during a cognitively demanding memory-based task [1, 2], with younger adults spending only 5.5ā6-s before making an accept or decline decision [2]. These findings may be explained by at least three factors: pressure to return to the suspended task to minimize forgetting; adopting non-cognitively demanding inspection strategies; and, having low levels of suspicion [3]. Consequences of such behavior could be potentially catastrophic for individuals and organizations (e.g., in the event of a successful cyber breach), and thus it is crucial to develop effective interventions to reduce susceptibility. The current experiment (Nā=ā50) tested the effectiveness of malevolence cue identification training (MCIT) interventions. During phase 1, participants performed a serial recall task with some trials interrupted by pop-up messages with accept or cancel options that either contained cues (e.g., missing company name, misspelt word) to malevolence (malevolent condition) or no cues (non-malevolent condition). In phase 2, participants were allocated to one of three groups: no MCIT/Control, non-incentivized MCIT/N-IMCIT, or incentivized MCIT/IMCIT. Control group participants only had to identify category-related words (e.g., colors). Participants in intervention conditions were explicitly made aware of the malevolence cues in Phase 1 pop-ups before performing trying to identify malevolence cues within adapted passages of text. The N-IMCIT group were told that their detection accuracy was being ranked against other participants, to induce social comparison. Phase 3 was similar to phase 1, although 50% of malevolent pop-ups contained new cues. MCIT did lead to a significant reduction in the number of malevolent pop-ups accepted under some conditions. Incentivized training did not (statistically) improve performance compared to non-incentivized training. Cue novelty had no effect. Ways of further improving the MCIT training protocol used, as well as theoretical implications, are discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Morgan, P.L., Williams, E.J., Zook, N.A., Christopher, G.: Exploring older adult susceptibility to fraudulent computer pop-up interruptions. In: International Conference on Applied Human Factors and Ergonomics, pp. 56ā68. Springer, Cham (2018)
Williams, E.J., Morgan, P.L., Joinson, A.N.: Press accept to update now: individual differences in susceptibility to malevolent interruptions. Decis. Support Syst. 96, 119ā129 (2017)
Vishwanath, A., Harrison, B., Ng, Y.J.: Suspicion, cognition, and automaticity model of phishing susceptibility. Commun. Res. 45(8), 1ā21 (2016)
Anti-Phishing Working Group (APWG). https://www.antiphishing.org/resources/apwg-reports/
Department for Culture, Media & Sport.: Cyber security breaches survey 2017. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/609186/Cyber_Security_Breaches_Survey_2017_main_report_PUBLIC.pdf
National Cyber Security Centre.: Weekly threat report, 30 June 2017. https://www.ncsc.gov.uk/report/weekly-threat-report-30th-june2017
Perera, D.: Researcher: Sony hackers used fake emails, Politico. https://www.politico.com/story/2015/04/sony-hackers-fake-emails-117200
Forbes Cyber Security report. https://www.forbes.com/sites/ellistalton/2018/04/23/the-u-s-governments-lack-of-cybersecurity-expertise-threatens-our-infrastructure/#20d248be49e0
HM Government. National cyber security strategy 2016ā2021. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf
Conteh, N.Y., Schmick, P.J.: Cybersecurity: risks, vulnerabilities and countermeasures to prevent social engineering attacks. Int. J. Adv. Comput. Res. 6(23), 31 (2016)
Downing, D., Covington, M., Covington, M., Barrett, C.A., Covington, S.: Dictionary of Computer and Internet Terms. Barronās Educational Series, New York (2000)
Daintith, J., Wright, E.: A Dictionary of Computing. Oxford University Press, Oxford (2008)
Norton How To 2018. https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html
Altmann, E.M., Trafton, J.G., Hambrick, D.Z.: Momentary interruptions can derail the train of thought. J. Exp. Psychol. Gen. 143(1), 215ā226 (2014)
Hodgetts, H.M., Jones, D.M.: Interruption of the Tower of London task: support for a goal-activation approach. J. Exp. Psychol. Gen. 135(1), 103ā115 (2006)
Monk, C.A., Trafton, J.G., Boehm-Davis, D.A.: The effect of interruption duration and demand on resuming suspended goals. J. Exp. Psychol. Appl. 14(4), 299ā313 (2008)
Altmann, E.M., Trafton, J.G.: Memory for goals: an activation-based model. Cogn. Sci. 26, 39ā83 (2002)
Altmann, E.M., Trafton, J.G.: Timecourse of recovery from task interruption: data and a model. Psychon. Bull. Rev. 14(6), 1079ā1084 (2017)
Cacioppo, J.T., Petty, R.E., Feng Kao, C.: The efficient assessment of need for cognition. J. Pers. Assess. 48(3), 306ā307 (1984)
Anandpara, V., Dingman, A., Jakobsson, M., Liu, D., Roinestad, H.: Phishing IQ tests measure fear, not ability. In: International Conference on Financial Cryptography and Data Security, pp. 362ā366. Springer, Berlin (2007)
Downs, J.S., Holbrook, M.B., Cranor, L.F.: Decision strategies and susceptibility to phishing. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 79ā90. ACM (2006)
Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching Johnny not to fall for phish. ACM Trans. Internet Technol. (TOIT). 10(2), 1ā30 (2010)
Clifford, M.M.: Effects of competition as a motivational technique in the classroom. Am. Educ. Res. J. 9(1), 123ā137 (1972)
Aleman, J.L.F., de Gea, J.M.C., MondĆ©jar, J.J.R.: Effects of competitive computer-assisted learning versus conventional teaching methods on the acquisition and retention of knowledge in medical surgical nursing students. Nurse Educ. Today 31(8), 866ā871 (2011)
Festinger, L.: A theory of social comparison processes. Hum. Relat. 7(2), 117ā140 (1954)
Peirce, J.W.: PsychoPyāpsychophysics software in Python. J. Neurosci. Methods 162(2), 8ā13 (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Morgan, P.L., Soteriou, R., Williams, C., Zhang, Q. (2020). Attempting to Reduce Susceptibility to Fraudulent Computer Pop-Ups Using Malevolence Cue Identification Training. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-20488-4_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20487-7
Online ISBN: 978-3-030-20488-4
eBook Packages: EngineeringEngineering (R0)